Stormshield exposes a new variant of the CTB-Locker malware

Stormshield recently identified a new variant of the CTB-Locker ransomware. Until now, CTB-Locker, a fairly new piece of malware at around two years old, ran its ransom campaigns much like classic malware and was only rampant on Windows workstations. In recent weeks, however, the ransomware has increased its strike force by targeting website servers as a new ransom channel.

Benoit Ancel (@Benkow_), one of our Stormshield security experts and the person who made this discovery, has already identified more than 100 websites infected by the CTB-Locker malware code:

“The distinguishing feature of CTB-Locker is that it infects websites to encrypt all their contents so it can demand a ransom in return for decrypting the contents again.”

To inform the community, our expert wrote a detailed research article on our Thisissecurity.net blog. The article can be accessed here: « A lock picking exercice ». In it, the author notably provides a list of currently infected websites.

Stormshield has already received service calls from states asking it to assist their investigations with the information it has.

About the author
Karine Monmarché Global Lead Marketing, Stormshield

Karine is Global Lead Marketing at Stormshield. Her multi-expertise background includes marketing and communication in all their guises. Well-versed in strategic and service offer marketing, in external, internal, Web & editorial communication, she has dedicated her career to exploring the areas she is passionate about: energy and new technologies in the broadest possible sense.