Ransomware is a disgusting piece of malware that infects computers. CBT Locker Website, a spin on the ill-reputed CBT Locker for desktop computers, is one of the newest versions of ransomware. It permits an attacker to take WordPress sites hostage and charge a fee for their release.
What are CBT Locker and Ransomware?
Ransomware, which has only been popular for the past few years, is best suited to an attacker who plans to make money from his or her victims. Ransomware encrypts all of the data and leaves the victim a note that key files won’t be decrypted until the victim pays a fee, which may run anywhere from $50 to thousands of dollars. If the victim waits too long, the fee sometimes increases.
CBT Locker works in a similar fashion; the hacker just has to get the victim to download malicious software, which may be easier than gaining access to a website.
Hacking a website involves accessing the file system to upload files. This can be done using phishing attacks or keyloggers. WordPress sites susceptible to SQL injection can also give the attacker escalated privileges on the web server.
What Happens After a Website Is Hacked?
After the website is hacked, the attacker uploads a new index.php file. When you access a site, the default file that launches content for the main homepage is index.php. The attacker’s index.php file replaces the legitimate one; the next time it executes, encryption is triggered.
The malicious code searches for several file types, usually those most likely to be important to people. Here are some file types that ransomware, including CBT Locker, searches for:
- .doc
- .jpg
- .png
- .txt
- .docx
- .xls
- .xlsx
- .ppt
Ransomware uses a two-key system: a public key for encrypting the data and a private key for decrypting it. Only the private key can decrypt data encrypted with the public key. When you pay the ransom, you are buying the private key.
An interesting part of the CBT Locker website version is the real-time chat system. If your files are encrypted, you can go to your site and use the chat system to talk to the hacker. The attacker will help you find a bitcoin provider and even give you technical instructions on how to buy the key.
WordPress sites under InterShield Protection
The attacker needs access to your site, so the only way to defend against this attack is to understand common vulnerabilities within WordPress.
The usual way that a hacker gains access to a site is through a malicious plugin. Even authentic plugins could have some kind of vulnerability that gives an attacker control of the site. Install only trusted plugins from authors who keep up to date on the newest attacks and regularly update their software to patch any recent bugs.
Some legitimate plugins have been shown to have vulnerabilities. Responsible plugin developers patch their software to fix the vulnerability and release the update as soon as possible. You need to update your plugins whenever a patch is released to avoid having your site hacked.
Penetration testing is the process of having a “white hat” hacker run scripts against your website to find any common vulnerabilities. You can pay for testing or buy your own software that penetration tests your WordPress site. If any vulnerability is found in your plugins, you can either disable them and find replacements or alert the plugin author in the hope that they will provide you with a fix.
SQL injection is a common attack on database vulnerabilities. Unless you understand the SQL language and how databases work, you are not going to know how to find these vulnerabilities. A penetration test includes checks for SQL injection vulnerabilities. Not only should you always keep your software up to date, but you should also be wary of phishing scams when you read your email.