Linux Ransomware Can Put Bitcoin Users At Risk

Linux experts have long considered their operating system one of the most secure in the world, as there are very few viruses or pieces of spyware to be found on Linux these days. But that is about to change, as a newly released type of ransomware is focusing all of its attention on Linux users all over the world.

Ransomware Makes Its Way To Linux Systems

Up until this point, the most obvious operating system to attack with ransomware was Windows. Since it is the most commonly used operating system in the world, infecting many people is not as difficult as it sounds where Windows is concerned. Other operating systems, on the other hand, are very rarely affected by the same types of viruses and other nasty stuff that plague their Microsoft counterpart.

This is no longer the case, though, as a new form of encryption malware has recently been detected on the Linux operating system. Labelled “Linux Encoder 1”, this malware is, for the most part, targeting web servers by encrypting all of the content located on these machines and attempting to force the user to pay a ransom of 1 Bitcoin.

Injecting this ransomware on Linux web servers can be done by exploiting a vulnerability in the Magento CMS. Even though a patch was released on October 31 this year, not all web servers have been upgraded by their end users. E-commerce platforms are especially at risk due to this vulnerability, which makes them a likely target for a ransomware attack.

That being said, there are concerns that other content management systems are vulnerable to some form of exploit too. But there is a silver lining, as the exploit can only be executed if an attacker gains administrator privileges on the web server. As one would expect from ransomware, certain file types and systems are being targeted specifically.

Nginx, Apache, and MySQL are of particular interest to this ransomware, as these are high-profile file systems where users store a lot of sensitive data. Individual file types are not safe from harm either, as this ransomware goes after Windows executables and file extensions such as .asp and .jar, as well as any form of document.

At the time of publication, there have been no reports of Bitcoin users being affected by this malware on Linux. However, this malware does have the potential to encrypt wallet.dat files as well. All readers using the Magento CMS are advised to upgrade their installation as soon as possible to prevent any harm.

Source: Ars Technica
