
Erebus Ransomware Demands 5 BTC Ransom

The Linux operating system is usually safe from most malware attacks. However, a new type of ransomware is shaking things up a bit. Erebus is a Linux ransomware variant which can impact enterprise servers. It is also the malware which affected the South Korean NAYANA hosting provider.

Erebus Ransomware Could Be a Massive Threat

Most people will recall how a South Korean web hosting service provider was affected by a ransomware attack not too long ago. Despite the company’s best efforts, it was forced to pay US$1 million worth of Bitcoin to regain the use of its servers. It was unclear which type of malware was responsible for the attack, considering that the company’s Linux servers were affected. It now turns out this was the so-called Erebus ransomware, which is primarily designed to infect Linux devices.

There is a lot more to this malware than originally assumed. Erebus is capable of bypassing User Account Control settings on the Linux operating system, making it a very potent threat. Analysis by Trend Micro has shown how this malware is a logical evolution of various exploit kits in the past. This may indicate that the ransomware has a sophisticated developer running the show, which could hint at future versions of Erebus hitting the market.

Distribution of this ransomware seemingly occurs through malvertising campaigns. As we have highlighted on multiple occasions, malicious website advertisements are very hard to counter, unless one blocks all ads in the browser. Even then, some types might still show up and successfully distribute their payload. The campaigns used for Erebus direct victims to the Rig exploit kit, which subsequently infects the target computer.


It appears Erebus encrypts files using the RSA-2048 encryption algorithm, which is practically impossible to crack. A whopping 423 file types are susceptible to this ransomware attack. The attack against the South Korean web hosting service provider was not random either. The malware’s command and control servers are located in the same country. Although it is unclear if the servers have been shut down, it seems the ransomware is still actively distributed.

To make matters worse, Erebus is now more powerful than its previous iteration. It poses significant risks to all Linux servers worldwide. The ransomware payload is executed after systems are rebooted, and it employs UNIX's cron utility to check every 60 minutes that the ransomware is still running. Right now, getting rid of the malware will cost you approximately 5 BTC, though that price was twice as high just a few weeks ago.
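Because the persistence described above relies on a cron job that fires once an hour, one practical check for defenders is to list every hourly cron entry on a server and compare it against an approved baseline. The following Python sketch is an added example, not code from the original article or from Trend Micro's analysis; the sample crontab, the paths in it and the baseline are constructed for illustration and are not Erebus indicators.

```python
import re

# Constructed sample in /etc/crontab format (five time fields, user, command).
# The paths are invented for illustration; they are not Erebus indicators.
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || run-parts --report /etc/cron.daily
@hourly root /tmp/.cache/svc-check
0 * * * * www-data /var/tmp/keepalive.sh
*/5 * * * * root /usr/local/bin/metrics-push
MAILTO=root
"""

# Hypothetical baseline of hourly commands the administrator has approved.
BASELINE = {"cd / && run-parts --report /etc/cron.hourly"}

ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")


def hourly_entries(crontab_text):
    """Return (user, command) pairs for jobs that fire exactly once per hour."""
    found = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue  # blank line, comment, or environment assignment
        if line.startswith("@"):
            parts = line.split(None, 2)  # nickname, user, command
            if len(parts) == 3 and parts[0] == "@hourly":
                found.append((parts[1], parts[2]))
            continue
        parts = line.split(None, 6)  # 5 time fields, user, command
        if len(parts) != 7:
            continue  # malformed or not system-crontab format
        minute, rest = parts[0], parts[1:5]
        if re.fullmatch(r"[0-5]?\d", minute) and rest == ["*", "*", "*", "*"]:
            found.append((parts[5], parts[6]))
    return found


def unapproved_hourly(crontab_text, baseline):
    """Hourly jobs whose command is not in the approved baseline."""
    return [e for e in hourly_entries(crontab_text) if e[1] not in baseline]


if __name__ == "__main__":
    for user, command in unapproved_hourly(SAMPLE_CRONTAB, BASELINE):
        print(f"review hourly job for {user}: {command}")
```

On a real host the same function would be fed the contents of /etc/crontab and the files under /etc/cron.d; per-user crontabs omit the user field and would need the split adjusted accordingly.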

The top priority now should be to properly secure Linux servers and systems all over the world. That is much easier said than done since there are many different distributions from which to choose. Sorting out privileges on large-scale networks should be one of the first steps along the path to properly secure file systems. Monitoring network traffic would be the next logical step, followed by upgrading firewall rules. Now would be the best time to start looking into data backup solutions as well.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
