CAUTION: PROTECT YOUR WEBSITE AND WEB SPACE AGAINST CRYPTO TROJAN
Yesterday, several reports have been published about a Crypto Trojan CTB locker that tries to infect and encrypt all files on a user’s web space with AES-256, a symmetrical encryption algorithm. Infected users will find their scripts, photos, databases and other content locked and no longer usable.
Once they have taken control, attackers are attempting to blackmail site admins, sending emails requesting money transfers in bitcoins in return for decryption.
While the entry point for the attack is still being confirmed, we expect that access is being gained through older and unprotected versions of popular web apps, such as WordPress or Joomla!. So far, only a few web servers are affected. However, to ensure your site remains protected we recommend following the below easy steps:
Protecting Your Website and Web Space
Protective measures at a glance: Updates, virus protection and offline backups.
- Update all plugins and web applications on your web space (for example, WordPress or Joomla) to the newest version.
- This is valid for all users with self-managed and standard installations through the 1&1 App Center.
- 1&1 users with Safe Mode and managed installations are already up-to-date and do not have to make updates.
- Enable the newest PHP version through your 1&1 Control Panel. We recommend PHP 5.6 or higher.
- Check your local computers for viruses, malware and trojans.
- Back up your website files and your databases on a regular basis and save a copy of them locally. Note: Backups which are stored on your web space can be infected too and are not secured.
We are already working on solutions in order to protect you from this virus, but recommend that you follow these steps to stay protected in the meantime.
For further information, please visit the 1&1 community.