[ALUG] CTB-Locker

Hamisi Jabe administrator at banana.co.tz
Tue Mar 1 08:42:04 EAT 2016


Worpress and Joomla are hackers darling. I dint know about this.



On 29/02/2016 06:44 alasiri, Andreas Tauscher via Linux wrote:
> Since about a week a ransomware named CTB-Locker which was up to now
> only known to encrypt files on Windows machines and blackmailing
> bitcoins for the key to decrypt the files again is now in the wild as a
> reimplementation in PHP.
>
> After it got on a website it starts do encrypt files.
> The criminals are even running a support chat to assist with the payment
> of 0.4 Bitcoins.
> Actual 1 Bitcoin is ~430 USD so they try to blackmail ~170 USD
> As far is known most of the encrypted websites have been running
> Wordpress or Joomla.
>
> It is no miracle that they attack mainly Worpress and Joomla: It is
> easy. Worpress and Joomla are hackers darling.
> Many pages are unmaintained since years and full with unfixed bugs.
>
> If you are running or maintaining Wordpress, Joomla or any other CMS:
> * Keep it always up to date!
> * Make frequently backups of files and database!
>
> If you simply have a CMS website:
> * Look for somebody who is serious doing the maintenance for you!
> * Alternatively opt for a static website without Worpress, Joomla,
> drupal or something similar. A CMS needs permanent maintenance!
>
> Andreas
>
> PS: And some nice words to the f.... ass.... doing in 2016 websites with
> Joomla 1.5 which is EOL since 2012 (!) or Wordpress 3.5 which is also
> EOL since years.
> You should read what is worpress is writing on their release page
> https://wordpress.org/download/release-archive/
> "None of these are safe to use, except the latest in the 4.4 series,
> which is actively maintained."
> Somehow I really hope a bunch of your cheated clients getting a victim
> of CTB-Locker and a niche lynch mob is showing up at your office :>
> Idiots like you making this business model for criminals possible!
>
>
>
> _______________________________________________
> The Arusha Linux User Group: http://unix.or.tz
> Linux mailing list
> Linux at lists.habari.co.tz
> http://lists.habari.co.tz/cgi-bin/mailman/listinfo/linux
>
> The Arusha LUG mailing list is generously hosted by Habari Node Ltd: http://www.habari.co.tz/
>
> The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.

-- 


Yours in the Building the Nation
Hamisi Jabe
Systems Administrator
Banana Investments Ltd
P.O. Box 10123 Arusha Tanzania
Tel: +255 784 380442 | +255 759 234610

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.habari.co.tz/pipermail/linux/attachments/20160301/698e4901/attachment.html>


More information about the Linux mailing list