Ransomware attacks Linux servers

Ransomware is on a roll, and while most variants of this malware category attack Windows systems, the company Dr.Web recently reported the existence of a malware called Linux.Encoder.1 that targets machines running Linux. Last week the company released the description and signatures for this new ransomware variant. Although the method the Trojan uses to get onto a machine is not specified, some believe that the malware exploits a critical security vulnerability in the Magento CMS. The flaw is corrected in a patch dated October 31.

1 bitcoin = 350 euros

After infecting the system, Linux.Encoder.1 behaves like classic ransomware and begins encrypting user data, first targeting the files in /home, /root, /var/lib/mysql, /var/www, /etc/nginx, /etc/apache2 and /var/log on the machine before moving on to other files.

The malware also leaves two files for the user describing the procedure to pay the ransom and recover the data. The attackers demand a bitcoin to unlock the files, which is about 350 euros.

Files are encrypted with the 128-bit AES algorithm and given the .encrypted extension. The program uses a public/private key system to encrypt and decrypt files, but the malware's developers made a mistake in implementing the encryption.

As Bitdefender explains, Linux.Encoder.1 uses the machine's date and time to generate its private key instead of a true random number generator. The timestamp of the infection is easy to obtain, since it is enough to retrieve the creation date of the readme files the malware deposits for the user. Bitdefender offers a script to infected users who want to avoid paying the ransom and recover all of their data.
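
The flaw Bitdefender describes, sketched as an added example (not the malware's code and not Bitdefender's script): a key drawn from a clock-seeded generator can be found again by trying each second before the ransom note's timestamp and checking for a known file header. The function names, the SHA-256 keystream standing in for AES, and the sample timestamp and file are assumptions constructed for this demonstration.

```python
import hashlib
import random
import secrets

KEY_LEN = 16  # 128-bit key, matching the article
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # known header used to recognise a correct key


def weak_key(timestamp: int) -> bytes:
    """Key from a PRNG seeded with the clock: the mistake described above."""
    rng = random.Random(timestamp)
    return bytes(rng.randrange(256) for _ in range(KEY_LEN))


def strong_key() -> bytes:
    """Key from the operating system's CSPRNG: not reproducible from a timestamp."""
    return secrets.token_bytes(KEY_LEN)


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream XOR), NOT AES; same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def recover_key(ciphertext: bytes, magic: bytes, note_time: int, window: int = 3600):
    """Try every second from note_time back to note_time - window; None if no key fits."""
    for ts in range(note_time, note_time - window - 1, -1):
        key = weak_key(ts)
        if xor_stream(key, ciphertext[:len(magic)]) == magic:
            return ts, key
    return None


# Constructed sample: a file encrypted 137 seconds before the readme was written.
NOTE_TIME = 1447000000            # constructed creation time of the readme file
ENCRYPT_TIME = NOTE_TIME - 137    # unknown to the person recovering the data
PLAINTEXT = PNG_MAGIC + b"constructed sample file body " * 3
CIPHERTEXT = xor_stream(weak_key(ENCRYPT_TIME), PLAINTEXT)

if __name__ == "__main__":
    ts, key = recover_key(CIPHERTEXT, PNG_MAGIC, NOTE_TIME)
    print("seed found:", ts, "plaintext restored:", xor_stream(key, CIPHERTEXT) == PLAINTEXT)
```

With `strong_key()` in place of `weak_key()`, the same search finds nothing, because the key no longer depends on anything an investigator can read from the disk.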
