Crypto ransomware is the latest addition to the list of ransomware used by hackers. This one, though, specifically targets users of Linux operating systems.
What’s different about this ransomware is that instead of locking down Word or PDF files, it aims for the server itself and demands its ransom in bitcoins.
The hackers target specific software on the server, such as Magento, Apache and MySQL installations.
According to Russian company Dr. Web:
“Once launched with administrator privileges, the trojan, dubbed Linux.Encoder.1 downloads files containing cybercriminals’ demands and a file with the path to a public RSA key,” Dr. Web explained in an analysis. “After that, the malicious program starts as a daemon and deletes the original files. Subsequently, the RSA key is used to store AES keys which will be employed by the trojan to encrypt files on the infected computer.”
Compromised files have the .encrypted extension appended to their names. In each directory where it encrypts files, the Trojan plants a file asking for a ransom to be paid in the Bitcoin electronic currency.
The researchers recommend contacting them if you are a victim of this ransomware. If your device is compromised, do not delete or modify any of the encrypted files, because doing so may block the decryption process and you may never see your data again.
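To scope an infection without touching the affected files, a responder can take a read-only inventory of everything carrying the .encrypted suffix. The script below is an added example, not code from Dr. Web or from the original article; the function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

SUFFIX = ".encrypted"  # extension the article says is appended to encrypted files

def sha256_of(path, chunk=1 << 20):
    """Hash a file opened read-only, so the evidence is never modified."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def inventory(root):
    """Map each directory under root to records for its *.encrypted files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if not name.endswith(SUFFIX) or os.path.islink(path):
                continue
            hits.setdefault(dirpath, []).append({
                "name": name,
                "size": os.stat(path).st_size,
                "sha256": sha256_of(path),
                # The quoted analysis says originals are deleted; note survivors.
                "original_present": os.path.exists(path[: -len(SUFFIX)]),
            })
    return hits

def build_sample_tree():
    """Constructed sample data: a tiny fake web root, not real malware output."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    os.makedirs(os.path.join(root, "www", "media"))
    for rel in ("www/index.php.encrypted", "www/media/logo.png.encrypted",
                "www/media/logo.png", "www/notes.txt"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample bytes")
    return root

if __name__ == "__main__":
    for directory, records in sorted(inventory(build_sample_tree()).items()):
        print(directory, "->", len(records), "encrypted file(s)")
        for rec in records:
            print("  ", rec["name"], rec["size"], rec["sha256"][:16],
                  "original present" if rec["original_present"] else "original gone")
```

On a real host, run it against a read-only mount or a disk image and keep the resulting hashes with the case notes, so any later change to an encrypted file can be detected.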
Magento was quick to release an update, but users are still falling for the ransomware scam.
Have you been infected with this scam?
Source: Dr. Web