By: Dan

Dan — Sun, 14 Feb 2016 04:13:00 +0000

Knowing that recently some (e.g., TOR-based) ransomware is coded in cross-platform nw.js, I’m interested in following this to see if ransomware can actually now run on Linux despite certain runtime dependencies found in Windows but not Linux (theory: if someone engineers it someone can reverse-engineer or block). But as Malwaretips and other observe, though BACP site runs on Fedora if this truly were CTB-Locker it’d rename server’s index.html/index.php file so it couldn’t load a homepage (which checking just now from USA BACP is loading homepage)…maybe just Linux.Encoder with ability to generate HTML ransom/defacement pages? Thanks for reminding security community evil minds are definitely now after ANY OS which could yield them a penny, so keep eyes open; cheers!

By: Mulliano Costco

Mulliano Costco — Sat, 13 Feb 2016 21:56:00 +0000

I think that they should track down these idiots down and physically rough them up. This would send a message that this type of extortion will not be tolerated, ever. It seems like governments don’t give a care about this type of activity, it takes too long for them to respond (bureaucratic red tape), and they allow these criminals get away with it.

To make sure my browser does not get compromised, I use a portable version of Firefox (with a backup) and if my browser gets compromised, I can simply replace the hijacked web browser with the backup version. Use CCleaner to continually clear your cache and configure your browser to delete the cache on exit. Also, continually clear your /TEMP folders to get rid of unwanted junk files. Also, create manual restore points on your Windows 10 machine so you can reset it back to the last good restore point.

Also, stay away browser from Microsoft, (IE and Edge); they are the primary targets for these boneheads.

Comments on: CTB-Locker Ransomware hijacks the entire BACP website

By: Dan

By: Mulliano Costco