CTB-Locker is back: the web server edition

From Botnets.fr


Botnet CTB-Locker
Date 2016 / 2016-03-01
Editor/Conference Kaspersky Securelist
Link https://securelist.com/blog/research/73989/ctb-locker-is-back-the-web-server-edition/ (Archive copy)
Author Ido Naor
Type Blogpost

Abstract

Previously, CTB-Locker, or Onion Ransomware, differed from other ransomware in its use of the Tor Project's anonymity network to shield itself from takedown efforts that rely largely on static malware command and control servers. Its use of Tor also helped it evade detection and blocking. Another thing that protected CTB-Locker controllers was accepting only Bitcoin as payment, the decentralized and largely anonymous cryptocurrency.

A new variant of CTB-Locker targets web servers only, and to our knowledge it has already successfully encrypted web-root files on more than 70 servers located in 10 countries.

Bibtex

 @misc{2016BFR4810,
   editor = {Kaspersky Securelist},
   author = {Ido Naor},
   title = {CTB-Locker is back: the web server edition},
   date = {01},
   month = Mar,
   year = {2016},
   howpublished = {\url{https://securelist.com/blog/research/73989/ctb-locker-is-back-the-web-server-edition/}},
 }