There is no denying the fact that whenever the word ransomware is mentioned computers are an instinctive afterthought to have been largely infected by the same. The impact is without a doubt an extremely serious one and so it always escapes our notice that it’s the websites also that are touched upon by this impact.
While Ransomware is normally thought to be a method wherein files are encrypted in a super-perplexing way, alongside a ransom note asking hundreds to thousands of dollars’ worth of cryptocurrency.
Typically this is kind of the reality — however, attackers aren't very similar to each other and not all may have the technical ability or would even attempt to go to such lengths.
Thus as of late, there was a case where the entire website files were apparently encrypted and had their file names changed to affix a ".crypt".
Among the files, we additionally found the ransom note one might usually discover in this type of malware, but this one was somewhat unusual — it wasn't an HTML or a .txt file. Rather, the ransom note was actually located inside a PHP file and appeared to contain actual capacities.
Here is a more critical look at the file.
The code of the malicious PHP file is as follows:
'.base64_decode('PHRpdGxlPkw0TkMzNCBSYW5zb213YXJlPC90aXRsZT4KPGx[pbmsgcmVj[REDACTED BASE64 CODE]dCBNYWlsIDogbDRuYzM0MEBnbWFpbC5jb20=').'
At first glance, nothing looks particularly surprising here, when decoded the result is:
"; ..
Support the originator by clicking the read the rest link below.
