It seems linux has also entered into the risk zone. As per Kaspersky, it has discovered a Linux version of the RansomEXX ransomware, marking the first time a major Windows ransomware strain has been ported to Linux to aid in targeted intrusions. RansomEXX is a relatively new ransomware strain that was first spotted earlier this year in June.
As per Kaspersky, when targeting Linux servers, the RansomExx operators will deploy an ELF executable named 'svc-new' used to encrypt a victim's server.
After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion, which suggested that we had in fact encountered a Linux build of the previously known ransomware family RansomEXX. This malware is notorious for attacking large organizations and was most active earlier this year.
RansomEXX is a highly targeted Trojan. Each sample of the malware contains a hardcoded name of the victim organization. Moreover, both the encrypted file extension and the email address for contacting the extortionists make use of the victim’s name.
When launched, the Trojan generates a 256-bit key and uses it to encrypt all the files belonging to the victim that it can reach using the AES block cipher in ECB mode. The AES key is encrypted by a public RSA-4096 key embedded in the Trojan’s body and appended to each encrypted file.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
