CTB-Locker is back: the web server edition

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

CTB-Locker is back: the web server edition
Botnet CTB-Locker
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2016 / 2016-03-01
Editor/Conference Kaspersky Securelist
Link https://securelist.com/blog/research/73989/ctb-locker-is-back-the-web-server-edition/ (Archive copy)
Author Ido Naor
Type Blogpost

Abstract

Before, CTB-Locker, or Onion Ransomware, differed from other ransomware in the usage of the Tor Project’s anonymity network to shield itself from takedown efforts that rely largely on static malware command and control servers. Its use of Tor also helped evading detection and blocking. Another thing that protected CTB-Locker controllers was accepting as payment only Bitcoins, the decentralized and largely anonymous crypto-currency known.

A new variant of the CTB-Locker targets web servers only, and to our knowledge it has already successfully encrypted web-root files in more than 70 servers located in 10 countries.

Bibtex

 @misc{Naor2016BFR4810,
   editor = {Kaspersky Securelist},
   author = {Ido Naor},
   title = {CTB-Locker is back: the web server edition},
   date = {01},
   month = Mar,
   year = {2016},
   howpublished = {\url{https://securelist.com/blog/research/73989/ctb-locker-is-back-the-web-server-edition/}},
 }