Lilocked, or Lilu, Ransomware, is actively targeting servers and encrypting the data located on them. All of the known infected servers are web sites, which is causing the encrypted files to show up in Google search results. It is not known if Lilu is specifically targeting web servers, but most of the submitted files seen by BleepingComputer are related to web sites. One user reported that the attacker gained access to their web server using an Exim exploit. Another victim felt that they were infected through an outdated WordPress installation.
Source: https://www.bleepingcomputer.com/news/security/lilocked-ransomware-actively-targeting-servers-and-web-sites/