Kaspersky researchers recently discovered a new file-encrypting Trojan built as an Executable and Linkable Format (ELF) binary that encrypts data on machines running Linux-based operating systems.
This was significant because researchers considered this the first time a major Windows ransomware strain – RansomEXX – was ported to Linux. W3Techs reports that 28.8 percent of all web servers run on Linux.
According to a report last Friday, after initial analysis, the Kaspersky researchers noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion that pointed to a Linux strain of the RansomEXX ransomware family.
This malware – a highly targeted Trojan – is notorious for attacking large organizations and was most active earlier this year.
Several organizations have fallen victim to this malware in recent months, including the Texas Department of Transportation (TxDOT) and Konica Minolta.
Javvad Malik, security awareness advocate for KnowBe4, said the attack against Linux systems demonstrates the ever-evolving nature of these criminal gangs. Malik said ransomware no longer simply encrypts the first endpoint it lands on; instead criminals spend days, weeks, or even months within an organization exfiltrating data and identifying the most lucrative data to encrypt with ransomware.
“With so many servers running Linux, it makes sense for criminals to target those with ransomware as opposed to endpoints which are comparatively easier to restore,” Malik said. “These tactics will continue to grow, so it's important for organizations to look at and prevent the root cause for how these attacks are successful. This includes a combination of technical controls as well as providing adequate security awareness and training to users.”