Kaspersky said it discovered a Linux version of the RansomEXX ransomware on Linux machines. This is a fairly new strain of ransomware that had been widely affecting Windows machines. The ransomware has been used in attacks against the Texas Department of Transportation, Konica Minolta, US government contractor Tyler Technologies, Montreal’s public transportation system, and, most recently, against Brazil’s court system (STJ). This form of ransomware is referred to as a “human-operated ransomware. The groups that utilize this new ransomware buy access or breach networks themselves, expand access to as many systems as possible, and then manually deploy their ransomware binary as a final payload to cripple as much of the target’s infrastructure as possible.
Many ransomware gangs have realized that attacking workstations first isn’t a lucrative deal, as companies will tend to re-image affected systems and move on without paying ransoms. Many of these ransomware gangs haven’t bothered encrypting workstations, instead, they target crucial servers inside a company’s network, knowing that by taking down these systems first, companies wouldn’t be able to access their centralized data troves, even if workstations were unaffected. Creating a new strain that attacks Linux machines was the next step as many companies today are running internal systems on Linux.
https://www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/#ftag=RSSbaffb68
Leave a Reply
You must be logged in to post a comment.