
Erebus Ransomware Demands 5 BTC Ransom

Linux systems have historically faced far fewer malware attacks than other platforms, but a new ransomware family is changing that picture. Erebus is a Linux ransomware variant that can hit enterprise servers, and it is the malware that struck the South Korean hosting provider NAYANA.

Erebus Ransomware Could Be a Massive Threat

Most people will recall how a South Korean web hosting service provider was hit by a ransomware attack not too long ago. Despite the company’s best efforts, it was forced to pay US$1 million worth of Bitcoin to regain the use of its servers. At the time it was unclear which malware was responsible, since the affected machines were Linux servers. It now turns out this was the so-called Erebus ransomware, which is primarily designed to infect Linux devices.

There is a lot more to this malware than originally assumed. Erebus is capable of bypassing User Account Control settings on the Linux operating system, making it a very potent threat. Analysis by Trend Micro has shown that this malware is a logical evolution of various exploit kits seen in the past. This suggests the ransomware has a sophisticated developer behind it, which could hint at future versions of Erebus appearing.

Distribution of this ransomware seemingly occurs through malvertising campaigns. As we have highlighted on multiple occasions, malicious website advertisements are very hard to counter unless one blocks all ads in the browser, and even then some may still get through and deliver their payload. The campaigns used for Erebus direct victims to the Rig exploit kit, which then infects the target computer.


It appears Erebus encrypts files using the RSA-2048 encryption algorithm, which cannot be brute-forced in practice. A whopping 423 file types are susceptible to this ransomware. The attack against the South Korean web hosting service provider was not random either: the malware’s command and control servers are located in the same country. Although it is unclear whether those servers have been shut down, the ransomware still appears to be actively distributed.

To make matters worse, Erebus is now more powerful than its previous iteration and poses significant risks to Linux servers worldwide. The ransomware payload is executed after the system reboots, and it uses the Unix cron scheduler to check every 60 minutes that the ransomware is still running. Right now the ransom demand stands at approximately 5 BTC, half of what it was just a few weeks ago.
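Because the article says Erebus relies on cron to re-check itself every 60 minutes and runs again after a reboot, one practical defensive check is to audit scheduled jobs for hourly or at-boot entries whose executable lives somewhere a packaged system job would not. The script below is an added example written for this page; it is not code from the article, from Trend Micro, or from the malware. The crontab lines, paths and schedule in it are constructed for the demo and are not Erebus indicators, and the "trusted" and "scratch" path lists are assumptions you would tune for your own distribution.

```python
#!/usr/bin/env python3
"""Audit /etc/crontab-style entries for hourly or at-boot persistence jobs.

Added example for this article, not the malware's or Trend Micro's code.
The sample crontab, the path lists and the scoring rules are constructed
assumptions for illustration, not real indicators of compromise.
"""
import re
import shlex
from typing import Dict, List

# Assumption: where a packaged system cron job's executable normally lives.
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/",
                    "/usr/lib/", "/usr/local/bin/")
# Assumption: scratch / world-writable locations a dropped payload often uses.
SCRATCH_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed sample /etc/crontab (system style: schedule, user, command).
SAMPLE_CRONTAB = """\
# constructed sample, not taken from a real host
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 * * * * root /usr/sbin/logrotate /etc/logrotate.conf
*/60 * * * * root /tmp/.hidden/update_svc >/dev/null 2>&1
@hourly root /var/tmp/.cache/.x/svc
30 2 * * * root /usr/bin/rsync -a /srv/ /backup/
@reboot root /opt/app/start.sh
"""


def parse_crontab(text: str) -> List[Dict[str, str]]:
    """Split system-crontab lines into schedule, user and command.
    Comments, blank lines and VAR=value assignments are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^[A-Za-z_]\w*=", line):
            continue
        if line.startswith("@"):                 # @hourly, @reboot, ...
            parts = line.split(None, 2)
            if len(parts) < 3:
                continue
            schedule, user, command = parts
        else:                                    # five time fields, user, command
            parts = line.split(None, 6)
            if len(parts) < 7:
                continue
            schedule, user, command = " ".join(parts[:5]), parts[5], parts[6]
        entries.append({"schedule": schedule, "user": user,
                        "command": command, "line": raw})
    return entries


def runs_hourly(schedule: str) -> bool:
    """True when the job fires at least once per hour: @hourly, or a fixed
    minute / '*/N' minute field combined with a '*' hour field."""
    if schedule == "@hourly":
        return True
    fields = schedule.split()
    if len(fields) != 5:
        return False
    minute, hour = fields[0], fields[1]
    return hour == "*" and (minute.isdigit() or re.fullmatch(r"\*/\d+", minute) is not None)


def assess_command(command: str) -> List[str]:
    """Return the reasons a job's executable looks out of place for a system job."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return ["unparseable command"]
    if not argv:
        return ["empty command"]
    exe = argv[0]
    reasons = []
    if not exe.startswith("/"):
        reasons.append("command resolved via PATH rather than an absolute path")
    elif exe.startswith(SCRATCH_PREFIXES):
        reasons.append("executable in scratch/world-writable directory")
    elif not exe.startswith(TRUSTED_PREFIXES):
        reasons.append("executable outside packaged system paths")
    if "/." in exe:
        reasons.append("hidden directory or file in path")
    if re.search(r">\s*/dev/null", command):
        reasons.append("output discarded")
    return reasons


def audit(text: str) -> List[Dict[str, object]]:
    """Flag hourly or at-boot jobs whose command warrants a closer look."""
    findings = []
    for entry in parse_crontab(text):
        triggers = []
        if runs_hourly(entry["schedule"]):
            triggers.append("runs at least hourly")
        if entry["schedule"] == "@reboot":
            triggers.append("runs at boot")
        if not triggers:
            continue
        reasons = assess_command(entry["command"])
        if reasons:
            findings.append({"line": entry["line"], "triggers": triggers,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CRONTAB):
        print(finding["line"])
        print("  triggers:", ", ".join(finding["triggers"]))
        print("  reasons: ", "; ".join(finding["reasons"]))
```

On the constructed sample, the hourly logrotate job passes because its binary sits in a packaged path, while the two hidden-directory jobs and the `@reboot` entry under `/opt` are reported. The `/opt` hit shows the output is a review list, not a verdict: legitimate third-party software is installed there too, so each finding still needs a human to confirm what the binary is and who installed it. On a real server you would feed the script `/etc/crontab`, the files under `/etc/cron.d`, and each user's `crontab -l` output, and pair it with package-manager verification of the flagged binaries.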

The top priority now should be to properly secure Linux servers and systems all over the world. That is much easier said than done, since there are many different distributions to choose from. Auditing and tightening privileges across large networks should be one of the first steps toward properly securing file systems. Monitoring network traffic is the next logical step, followed by upgrading firewall rules. Now would also be the best time to start looking into data backup solutions.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

