Linux Ransomware
11-10-2015, 03:15 PM
Post: #1
Linux Ransomware
Anyone that is paying any attention to the current malware situation has got to have heard of ransomware. For those that have not, the idea is to encrypt the person's files, upload the key, & then inform the user they have x days to pay the ransom or the key is deleted & their files are essentially inaccessible forever.

Looks like a Linux version (named Linux.Encoder.1) has been discovered that affects systems with the CMS software Magento. Disclaimer: I've never heard of Magento until this news.

Linux.Encoder.1 starts in the home directory, and targets a number of common file formats including PHP, HTML, TAR, GZ, JPG, TPL, RUBY, JAR, etc. What really sucks about this piece of ransomware is that because its target is Linux & a server (because it's a Magento CMS exploit), it also targets backup files. So you risk losing the previously stated, in addition to any backups. What's not so bad, is that the ransomware uses the libc rand() function to seed the key. So it wasn't difficult to create a decryption key by using the date/time stamp on the encrypted files. But be warned, this simple mistake is not one the malware writers are likely to make again.

-#2pencil-

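An added illustration of the weakness described in the post above (this is example code written for this page, not code from the post or from the malware): a key built from libc rand() seeded with a file's timestamp is fully determined by that timestamp, so whoever can read the file's mtime can rebuild the key. The contrast is a key read from the OS random device, which has no seed to recover. The seed value and key length are constructed sample values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16  /* constructed sample key length */

/* Weak scheme: every key byte comes from libc rand(), and rand() is a
   deterministic generator whose whole output is fixed by the srand() seed.
   If the seed is a timestamp that also ends up on the encrypted file
   (its mtime), the "secret" key is effectively written next to the file. */
static void weak_key(unsigned seed, unsigned char out[KEY_LEN]) {
    srand(seed);
    for (int i = 0; i < KEY_LEN; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Defender-side check: given the timestamp visible on the file, re-derive
   the key and compare it with the one actually used. Returns 1 when the
   timestamp alone reproduces the key, i.e. the key was never secret. */
static int key_recoverable(unsigned file_mtime,
                           const unsigned char victim_key[KEY_LEN]) {
    unsigned char guess[KEY_LEN];
    weak_key(file_mtime, guess);
    return memcmp(guess, victim_key, KEY_LEN) == 0;
}

/* Correct scheme: key bytes come from the kernel CSPRNG. There is no seed
   value to observe, so no file metadata can reproduce the key.
   Returns 1 on success, 0 if the random device could not be read. */
static int strong_key(unsigned char out[KEY_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t n = fread(out, 1, KEY_LEN, f);
    fclose(f);
    return n == KEY_LEN;
}

int main(void) {
    unsigned mtime = 1447163700u;  /* constructed sample timestamp */
    unsigned char k[KEY_LEN], s[KEY_LEN];
    weak_key(mtime, k);
    printf("rand()-seeded key rebuilt from mtime: %s\n",
           key_recoverable(mtime, k) ? "yes" : "no");
    printf("CSPRNG key obtained: %s\n", strong_key(s) ? "yes" : "no");
    return 0;
}
```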
11-11-2015, 02:35 AM
Post: #2
RE: Linux Ransomware
I read an article recently stating that the FBI recommendation on ransomware is to pay the attacker even though there is the possibility that they will just take your money and not provide you with the key. My recommendation is to keep your personal files backed up to an external drive and not connect the hard drive unless you are accessing the files or backing up the data. It's no help if your backup also becomes compromised so I wouldn't restore any files until fixing the problem even if that means wiping the system and starting over. Thanks for sharing.

TechnoFyed Forums
Senior Staff Member

11-24-2015, 12:08 PM
Post: #3
RE: Linux Ransomware
The scary part about this ransomware is that it actually targeted backups. Granted, it would require that backups were online, or on the same storage space as the data, & any admin worth his salt would never keep a backup & its data on the same system. To your point, yes, making backups is very important. But just as important is where you store those backups. Proper data integrity checking is often overlooked in a backup solution. Often it's assumed that your backups are good, & usable, & that your strategy is good, until the data is required to be retrieved. If you've not tested & verified the data backup solution, it's only when you need the data the most that you find your backups are useless & your solution doesn't work.

-#2pencil-
