frogboy

The BACP website currently serves the standard message shown to all CTB-Locker victims, informing them their files have been encrypted and that they need to pay a ransom to a Bitcoin address before a certain deadline.

The crooks are asking for 0.4 BTC (~$150) and they have given website operators until February 22, 13:00 to pay the ransom, or the sum will be doubled.

This doesn't look like a standard CTB-Locker infection
There are many peculiar things about this specific infection. First off, the ransomware proclaims to be CTB-Locker, a ransomware which until now has infected only Windows computers. The BACP website is hosted on a Fedora (Linux) machine.

Additionally, CTB-Locker scrambles the file name of each file it infects, so if the infection took place on the Linux system, and it was the work of CTB-Locker, then the server's index.html/index.php file would be renamed, so it wouldn't be able to deliver a homepage.

Ransomware on Linux computers has been spotted before, and was seen specifically targeting Web hosting and code repository environments. That particular ransomware, called Linux.Encoder, only left boring text files behind, and never bothered to create HTML ransom notes that could be used as defacement messages.

Full article: First Time Ever: Ransomware Hits Website and Defaces Homepage