Stormshield recently identified a new variant of the CTB-Locker ransomware. Until now, CTB-Locker, a fairly new malware that is around two years old, resembled classic malware in how it ran its ransom campaigns and only ran rampant on Windows workstations. In recent weeks, however, the ransomware has increased its strike force by targeting website servers as a new ransom channel.
Benoit Ancel (@Benkow_), one of our Stormshield security experts and the person who made this discovery, has already identified more than 100 websites infected by the CTB-Locker malware code:
“The distinguishing feature of CTB-Locker is that it infects websites to encrypt all their contents so it can demand a ransom in return for decrypting the contents again.”
To inform the community, our expert wrote a detailed research article on our Thisissecurity.net blog, « A lock picking exercice », which includes a list of currently infected websites.
Stormshield has already received service calls from states asking it to assist their investigations with the information it has.