The latest news reports suggest that the website of the BACP, or British Association for Counseling & Psychotherapy, has been hit by a variant of the CTB-Locker ransomware. The variant of ransomware, from the family of CTB-Locker, is actually the first ever ransomware family created to target websites, and not computers.
Ransomware hijacks a website
BACP is a professional body representing counseling and psychotherapy, with qualified and experienced members, that works toward a better standard of therapeutic practice. Following the attack, the attackers now hold the website to ransom.
The greeting page of the website now bears a message outlining instructions on how to pay off the extortionists: An amount of $150 (£100) in Bitcoin must be credited into the account mentioned by February 22, failing which the association’s web data will remain scrambled forever.
“Your scripts, documents, photos, databases and other important files have been encrypted with strongest encryption algorithm AES-256 and unique key, generated for this site. Decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the decryption key”, reads the front page of the hijacked website.
How the ransomware functions
The ransomware, CTB-Locker, encrypts files on infected machines, and then demands payment for the decryption key. Without this key, the contents are likely to lose their value. So far, it is believed the ransom has not been paid as the crooks’ Bitcoin wallet appears to be empty and no currency has been moved from it.
What’s worth mentioning here is that CTB-Locker is known to affect Windows computers in general and BACP.co.uk appears to be powered by Linux, probably kernel version 2.6.32 to 2.6.35. The ransomware generally gets installed when a user inadvertently opens a spam email attachment or browses a malicious website.