Yesterday, Heise Security (German) published a report about the crypto trojan CTB-Locker. This trojan horse tries to infect a user's webspace and encrypt all files on it with AES-256. Scripts, HTML files, photos, databases and other important content are locked and can no longer be used by the user.
Afterwards, the attackers attempt to blackmail site admins by sending emails that demand the transfer of a certain amount of money in bitcoins.
We do not yet know exactly how the attackers gain access to webspaces. However, access is probably gained via older, unprotected versions of popular web apps like WordPress or Joomla!.
So far, only a few webservers are affected. However, to ensure your site remains protected, we recommend some easy-to-follow steps which can help you to significantly improve your website's security.
Protecting Your Website and Webspace
Protective measures at a glance: updates, virus protection and offline backups.
- Update all web applications, plugins and themes on your webspace to the newest version.
  - This applies to all users with self-managed installations and standard installations through the 1&1 App Center.
  - 1&1 users with Safe Mode installations and managed installations are already up to date and do not have to update their applications.
- Enable the newest PHP version through your 1&1 Control Panel. We recommend PHP 5.6 or higher.
- Check your local computers for viruses, malware and trojans.
  - Virus scanners: For example, you can use the free EU-Cleaner from the German “botfrei” anti-botnet initiative.
- Back up your website files and your databases on a regular basis and save a copy of them on your PC (offline backup). Note: Backups which are stored on your webspace can be infected too and are not secured.
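One check that fits the backup step above, as an added example that is not part of the original article or any 1&1 tool: before a fresh download of the webspace replaces an older offline backup, flag text-type files (scripts, HTML, SQL dumps) whose bytes look like ciphertext, so that an already locked copy does not overwrite the last good one. The extension list, the 7.5 bits-per-byte threshold and all function names are assumptions, and the check presumes locked files keep their original names; images and archives are skipped because compressed data is high-entropy even when intact.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Extensions that should hold readable text on a typical webspace (assumed list).
TEXT_EXTS = {".php", ".html", ".htm", ".css", ".js", ".sql", ".txt", ".xml"}
ENTROPY_LIMIT = 7.5   # bits per byte; assumed threshold, ciphertext sits near 8.0
MIN_SIZE = 256        # tiny files give unreliable entropy estimates

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def suspicious_files(root: Path) -> list:
    """Text-type files under root whose first 64 KiB look like ciphertext."""
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in TEXT_EXTS:
            head = path.read_bytes()[:65536]
            if len(head) >= MIN_SIZE and shannon_entropy(head) > ENTROPY_LIMIT:
                hits.append(path)
    return hits

def safe_to_rotate(root: Path) -> bool:
    """True only if no text-type file in the fresh copy looks encrypted."""
    return not suspicious_files(root)

def build_sample(root: Path) -> None:
    """Constructed sample: two normal files and one stand-in for a locked file."""
    (root / "index.php").write_text("<?php echo 'Hello, visitor'; ?>\n" * 40)
    (root / "style.css").write_text("body { margin: 0; color: #333; }\n" * 40)
    # SHA-256 counter output as deterministic high-entropy bytes (not real ciphertext).
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    (root / "about.html").write_bytes(blob)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for hit in suspicious_files(Path(tmp)):
            print("looks encrypted:", hit.name)
        print("safe to replace older backup:", safe_to_rotate(Path(tmp)))
```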
We are already working on solutions to protect you from this trojan-based attack. These solutions will provide a further layer of security on top of the measures mentioned above.