Ransomware Strain Targets Websites Powered by Linux OS
Ransomware Strain Targets Websites Powered by Linux OS: A security firm has uncovered a new strain of ransomware that is seeking to extort money from websites powered by the Linux operating system.
On Thursday, Russian antivirus company Dr. Web added the malware, known as “Linux.Encoder.1,” to its virus database. A description of the ransomware was created the following day:
“Once launched with administrator privileges, the Trojan loads into the memory of its process files containing cybercriminals’ demands,” explains the company in post on the malware. “As an argument, the Trojan receives the path to the file containing a public RSA key. Once the files are read, the malicious program starts as a daemon and deletes its original files.”
Dr. Web goes on to map out the infection process of Linux.Encoder.1. The ransomware first encrypts all files found in the directories /var/lib/mysql, /etc/nginx, and others. It then moves on to the home directories, followed by the directory from which it was launched as well as the root directory. Next, it targets specific files, first those whose names start with a specific string, including “public_html” and “www”, and then finally those with the file extensions “.docx”, “.jpg”, “.exe”, and many others.
Upon completion of the infection process, the ransomware displays a message to the victim demanding one Bitcoin ($300-$400 USD) in ransom, which is less than the usual 2-4 Bitcoins demanded by other ransomware authors, as Softpedia reports.