Ransomware authors are using the bitcoin blockchain, which serves as the cryptocurrency’s public transaction ledger, to deliver decryption keys to victims.

The technique, which removes the burden of maintaining a reliable website-based infrastructure for cybercriminals, was observed in a recent version of the CTB-Locker ransomware that targets Web servers.

CTB-Locker has targeted Windows computers for a long time, but a PHP-based variant capable of infecting websites first appeared in February, marking an interesting evolution of this ransomware threat.

The decryption routine in the original PHP-based CTB-Locker version involved a script called access.php that served as a gateway to the attackers’ back-end server. This gateway script was hosted on multiple hacked websites and was necessary to obtain the decryption key after victims made a payment.

To read this article in full or to leave a comment, please click here