Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Sunday November 08 2015, @06:12AM   Printer-friendly
from the malware-for-idiots dept.

A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1 the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.

From Dr.Web Antivirus:

Once launched with administrator privileges, the Trojan dubbed Linux.Encoder.1 downloads files containing cybercriminals’ demands and a file with the path to a public RSA key. After that, the malicious program starts as a daemon and deletes the original files. Subsequently, the RSA key is used to store AES keys which will be employed by the Trojan to encrypt files on the infected computer.


[Ed's Comment: Emphasis mine.]

Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Touché) by Anonymous Coward on Sunday November 08 2015, @06:35AM

    by Anonymous Coward on Sunday November 08 2015, @06:35AM (#260252)

    s/t

    Starting Score:    0  points
    Moderation   +1  
       Touché=1, Total=1
    Extra 'Touché' Modifier   0  

    Total Score:   1  
  • (Score: 2) by Whoever on Sunday November 08 2015, @05:31PM

    by Whoever (4524) on Sunday November 08 2015, @05:31PM (#260408) Journal

    Either:
    1. This is BS. It's not a real threat, it's something where the threat is vastly inflated by a "security" company with something to sell you.
    2. The intent is to attack via ssh, hoping to find boxes with weak root passwords and no defence against ssh brute-force attacks.