CryptoLocker on hacked website

Today I will show you a website blocked by Crypto Locker.
During my searches I found a website that has encrypted files.
All ending with .encrypted


Each directory has a .txt file to be readable, and it describes the problem and how to fix it.
The website owner is informed that all data stored on the host or server has been encrypted and can only be decrypted if it pays a certain amount of money.
The amount described in the host is 1 bitcoin but at 420 usd, demonstrating that the host was encrypted a long time ago, because now 1 bitcoin is worth $ 8716.72 (26.11.2017 / 01:00).

I discovered that there was a possibility that the encryption was made after May 2015

The site looks like it dates back to 2013 and is valid until 2018, but it seems the owner did not want to pay the required amount or close the host.

Payment is made in Bitcoin and for the decryption key the victims are directed to a DarkWeb (Hidden web) domain that ends in .onion.
Access to this kind of domain is through the Tor browser.

I could not access the domain but I found information about it.
It can be seen that he had a fairly high monthly traffic, which means he was very visited.

I have randomly searched some of the domains on the same server and it seems to be the only one affected.
However, it seems that server owners are not taking security measures.

If you are curious, I can show you how the website was before encryption in May 2015.

What can I say….
Have Fun & Stay Safe!


Alex Anghelus

SC Prodefence SRL CEO - Cyber Security, Pentesting & Ethical Hacking - Malware Analyst

Leave a Reply

SC ProDefence SRL - Cyber Security Services