Stormshield exposes a new variant of the CTB-Locker malware

Stormshield recently identified a new variant of the CTB-Locker ransomware. Until now, CTB-Locker, a fairly new piece of malware that is around two years old, ran its ransom campaigns much like classic malware and was only rampant on Windows workstations. In recent weeks, however, the ransomware has extended its reach by targeting website servers as a new ransom channel.

Benoit Ancel (@Benkow_), one of our Stormshield security experts and the person who made this discovery, has already identified more than 100 websites infected by the CTB-Locker malware code:

“The distinguishing feature of CTB-Locker is that it infects websites to encrypt all their contents so it can demand a ransom in return for decrypting the contents again.”

To inform the community, our expert wrote a detailed research article on our blog, « A lock picking exercice », which notably includes a list of currently infected websites.

Stormshield has already received requests from states to assist them in their investigations with the information it has.

About the author

Karine Monmarché
Global Lead Marketing, Stormshield

Karine Monmarché is Global Lead Marketing at Stormshield. Her multi-expertise background includes marketing and communication in all their guises. Well-versed in strategic and service offer marketing, in external, internal, Web & editorial communication, she has dedicated her career to exploring the areas she is passionate about: energy and new technologies in the broadest possible sense.