Jump to content
  • Windows-based ransomware now infects Linux devices as well

    aum

    • 346 views
    • 2 minutes
     Share


    • 346 views
    • 2 minutes

    A ransomware variant commonly known for encrypting Windows systems has recently been found targeting Linux devices as well.

     

    According to a report by SentinelLabs, Linux versions of the ransomware strain IceFire have recently compromised the networks of several media and entertainment sector organizations worldwide. The operators behind the ransomware do this by exploiting a deserialization vulnerability in the IBM Aspera Faspex file-sharing software. After gaining access to the victim's system, they will then deploy the IceFire ransomware, which will encrypt data and append the '.ifire' extension to the affected files. The ransomware will finally delete itself to cover its tracks.

     

    Interestingly enough, IceFire doesn't encrypt all files on Linux. It actually avoids encrypting certain paths to ensure that critical parts of the system will remain operational and avoid further damage to the system.

     

    1678460206_cursor_and__ateam_draft__icef

     

    Once the ransomware completes data encryption, it will drop a ransom note which asks the victim to contact the malware's operators within five days. If they fail to do so, the note claims that the victim's data will be publicly posted online.

     

    IceFire is just one of many ransomware variants that have started targeting Linux systems. "While the groundwork was laid in 2021, the Linux ransomware trend accelerated in 2022 when illustrious groups added Linux encryptors to their arsenal," SentinelLabs' blog stated. Some of these variants include Conti, LockBit, Hive, and HelloKitty, among others.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...