Ransomware Encrypting Files Proliferating Rapidly on Linux, warn security Researchers

One newly found ransomware that encrypts files stored on Linux computers is disseminating ever-fast, warn security researchers who state it's a strong signal that CISOs should heed if they are using Linux systems, published itworldcanada.com in news dated November 16, 2015.

According to Dr. Web the anti-virus company, which named the malicious software Linux.Encoder.1, as initially understood the malware infected only a few websites. But, by 12th November 2015, numerous other websites that were found via one easy Google search contained the ransom declaration which the malware planted.

This discovery implies that info-security professionals require monitoring their computers and also verify whether they are using up to date defense systems for intercepting the Trojan.

Meanwhile, BitDefender the security vendor too analyzed Linux.Encoder.1 while stated that its functionality highly resembled more prevalent ransom software suitable on Windows computers. These latter ransomware are TorLocker and CryptoLocker that have yielded many million USDs to their developers.

According to Senior E-Threat Analyst Liviu Arsene at BitDefender, if the majority of Web-servers carry out certain distribution of Linux OS as well as shared hosting, one can safely presume that in case any of the said kind of websites becomes impacted, other sites simultaneously using the same wherewithal may become impacted too, provided they are not appropriately separated amongst themselves. SecurityWeek reported this dated November 16, 2015.

Arsene adds that as the infection procedure doesn't involve socially-engineered tactics the server hijacks normally are done through un-patched vulnerabilities.

The ransomware for encrypting Linux-based files does the encryption very strongly for making sure that victims are unable towards regaining their files unless they pay the $380 Bitcoin ransom. For encryption, the algorithm AES-128 is utilized while the decryption code is presented locally onto the contaminated machine. The code is subsequently locked using one RSA public key as well as that because the locally generated key required to decrypt gets saved solely on the malware owner's system file recovery becomes almost impossible.

Consequently, in case any end-user's PC gets victimized with ransomware, the affected data-files must be restored from a previous backup instead of paying the decryption charge, it's recommended.

» SPAMfighter News - 11/20/2015