New ransomware targets Linux-powered websites
2015-11-10 02:43 by Daniela
Russian security company Dr Web has warned about a new form of crypto-ransomware that targets users of Linux-based operating systems. In particular, it targets web servers, encrypting their contents and demanding a ransom of one Bitcoin (currently about $500).
Researchers called the ransomware "Linux.Encoder.1." Typically, the malware is injected into websites via known exploits in popular applications, such as the Magento CMS. Once it makes its way onto the server, the software encrypts any files, images, pages, scripts and stored source code it finds in the machine's main and backup directories. Linux.Encoder.1 leaves behind a text file detailing how victims can pay the 1 bitcoin ransom required to recover their data.
"To obtain the private key and php script for this computer, which will automatically decrypt files, you need to pay 1 bitcoin(s) (~420 USD)," the warning read. "Without this key, you will never be able to get your original files back."
"Judging from the directories in which the Trojan encrypts files, one can draw a conclusion that the main target of cybercriminals is website administrators whose machines have web servers deployed on," researchers from Dr Web said. "There have been some cases, when virus makers exploited the CMS Magento vulnerability to launch attacks on web servers. Doctor Web security researchers presume that at least tens of users have already fallen victim to this Trojan."
If the victim pays the ransom, the malware will then initiate decryption of the files. It decrypts them in the same order that it encrypted them, deleting the encrypted versions of the files along with the ransom note text files.