A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1, the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.
From Dr.Web Antivirus:
Once launched with administrator privileges, the Trojan dubbed Linux.Encoder.1 downloads files containing cybercriminals’ demands and a file with the path to a public RSA key. After that, the malicious program starts as a daemon and deletes the original files. Subsequently, the RSA key is used to store AES keys which will be employed by the Trojan to encrypt files on the infected computer.
(Score: 2) by hemocyanin on Sunday November 08 2015, @10:21AM
One would hope that a server would have a decent backup system in place making this less profitable for the attackers. Grandmas who have all their grandkids' photos unbackedup on one computer are a much juicier target.
(Score: 3, Funny) by DNied on Sunday November 08 2015, @12:25PM
Moral of the story: If grandma is root, you'd better get an account on a different machine.
(Score: 2) by Bot on Monday November 09 2015, @12:13AM
Deduplicating backup tools like attic might even detect something is wrong when a snapshot swells abruptly.
Account abandoned.
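The effect described in the comment above, as an added example that is not part of the thread and not attic's own code: a toy deduplicating chunk store in which a snapshot of encrypted files shares no chunks with earlier snapshots, so the new data it adds jumps far above the normal daily churn. The fixed 4 KiB chunk size, the 10x-median threshold, the file paths and the random bytes standing in for encrypted content are all assumptions made for the illustration.

```python
import hashlib
import random
from statistics import median

CHUNK = 4096  # assumption: fixed-size chunks; real dedup tools use content-defined chunking

def new_bytes(snapshot, store):
    """Add a snapshot (dict path -> bytes) to the chunk store; return bytes not already stored."""
    added = 0
    for data in snapshot.values():
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            digest = hashlib.sha256(chunk).digest()
            if digest not in store:
                store.add(digest)
                added += len(chunk)
    return added

def flag_swollen(growth, factor=10, warmup=3):
    """Return indexes of snapshots whose new data exceeds factor x the median of earlier ones."""
    flagged = []
    for i in range(warmup, len(growth)):
        baseline = median(growth[1:i])  # skip snapshot 0, the initial full backup
        if growth[i] > factor * max(baseline, CHUNK):
            flagged.append(i)
    return flagged

def simulate():
    """Six daily snapshots of constructed sample files; day 5 stands in for the encrypted state."""
    rng = random.Random(2015)
    rand = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    files = {f"/var/www/page{i}.html": rand(16 * 1024) for i in range(8)}
    store, growth = set(), []
    for day in range(6):
        if day == 5:
            # every file's content replaced by fresh random bytes (no real encryption here)
            files = {p: rand(len(d)) for p, d in files.items()}
        elif day > 0:
            # normal churn: one file has its first 4 KiB block rewritten
            path = f"/var/www/page{day}.html"
            files[path] = rand(CHUNK) + files[path][CHUNK:]
        growth.append(new_bytes(files, store))
    return growth

if __name__ == "__main__":
    growth = simulate()
    print("new bytes per snapshot:", growth, "flagged:", flag_swollen(growth))
```

With a real backup tool the per-snapshot figure would come from its own statistics output rather than from a chunk store like this one.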