Ransomware attacks British Counseling and Psychotherapy website

The website of the British Association for Counseling and Psychotherapy (BACP) was hacked in early February by suspected malware, with the attackers holding it for ransom until their demands were met.

The landing page of the BACP website was replaced with the hijackers’ instructions on how to pay off the ransom – $150 before the 22nd of February or the information will remain jumbled up. CTB-Locker, the malware used by the attackers, encrypts the data on infected machines and demands payment for the decryption of the data. Without this decryption key, the contents and information are rendered unusable.

The BACP has over 40,000 members and is “the largest professional body representing counseling and psychotherapy in the UK.” As of this writing, the Leicester-based BACP has not commented on the issue.

While CTB-Locker is known to be malware that affects Windows devices by installing through spam emails or malicious websites, the BACP website is known to be powered by Linux – probably a kernel version 2.6.32 to 2.6.35, according to experts.


Also, the web server has FTP, SSH, HTTP, HTTPS, RPCBIND, and MySQL services facing the internet; the HTTP server is Apache 2.2.17 on Fedora, and SSH is OpenSSH 5.4.

The front page read: “Your scripts, documents, photos, databases and other important files have been encrypted with strongest encryption algorithm AES-256 and unique key, generated for this site. Decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the decryption key.”

There were some files on the server that were not encrypted by the hackers – one of which was the policy page. Analysts also suggested that it was possible for a Windows PC at the BACP to be infected, its website files encrypted, and the files synced to the web server with a replacement homepage.

However the computer was accessed, this is a case in which a Linux-powered website was infiltrated by CTB-Locker.

Fortunately, the BACP website appears to be back to normal. Neither the association nor the hackers have issued any updated statements, but it seems the ordeal was settled between the two.
