Stormshield recently identified a new variant of the CTB-Locker ransomware. Until now, CTB-Locker, a fairly new piece of malware that is around two years old, ran its ransom campaigns much like classic malware and was rampant only on Windows workstations. In recent weeks, however, the ransomware has extended its reach by targeting website servers as a new ransom channel.

Benoit Ancel (@Benkow_), one of our Stormshield security experts and the person who made this discovery, has already identified more than 100 websites infected by the CTB-Locker malware code:

“The distinguishing feature of CTB-Locker is that it infects websites to encrypt all their contents so it can demand a ransom in return for decrypting the contents again.”

To inform the community, our expert wrote a detailed research article on our Thisissecurity.net blog, "A lock picking exercice", which notably includes a list of currently infected websites.

Stormshield has already received requests from states to assist them in their investigations with the information it has.

For more information, please contact:

Jennifer Legrand
Communication Manager
@Infosec_Jen
jennifer.legrand@stormshield.eu