Menu
File-encrypting ransomware starts targeting Linux Web servers

File-encrypting ransomware starts targeting Linux Web servers

Ransomware authors are expanding their pool of victims by adding Linux systems to the mix

Ransomware authors continue their hunt for new sources of income. After targeting consumer and then business computers, they've now expanded their attacks to Web servers.

Malware researchers from Russian antivirus vendor Doctor Web have recently discovered a new malware program for Linux-based systems that they've dubbed Linux.Encoder.1.

Once run on a system with administrator privileges it starts traversing the whole file system and encrypting files in specific directories, including the user's home directory, the MySQL server directory, the logs directory and the Web directories of the Apache and Nginx Web servers.

The malware program encrypts files with certain extensions, particularly those associated with Web applications in different programming languages, images, media and documents. It then leaves a ransom note in every directory that contains encrypted files.

Linux.Encoder.1 uses a strong encryption algorithm and public-key cryptography, making the files hard to recover without backups or paying the ransom.

Unlike consumer PCs or business workstations, Web servers are more likely to have a backup routine configured. However, this ransomware program also encrypts archives and directories that contain the word backup, so it's critically important to regularly save backups to a remote server or offline storage.

It's not clear how the malware is installed on servers, but attacks against Linux systems typically involve brute-force guessing of remote access (SSH) credentials or Web application exploits, such as SQL injection or remote file inclusion, combined with local privilege escalations.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments