posted by janrinok on Sunday November 08 2015, @06:12AM
from the malware-for-idiots dept.

A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1, the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.

From Dr.Web Antivirus:

Once launched with administrator privileges, the Trojan dubbed Linux.Encoder.1 downloads files containing cybercriminals’ demands and a file with the path to a public RSA key. After that, the malicious program starts as a daemon and deletes the original files. Subsequently, the RSA key is used to store AES keys which will be employed by the Trojan to encrypt files on the infected computer.


[Ed's Comment: Emphasis mine.]

  • (Score: 2) by kurenai.tsubasa on Sunday November 08 2015, @09:05PM

    Also found a Hungarian forum here [hup.hu].

    Anybody speak Hungarian in the house? I ran some of the comments through Google Translate, which proves hilariously inadequate. As far as I could tell, most of the discussion is about backup strategies and insecure PHP setups that give world write permission (i.e. 777) to /var/www.

    This was my favorite translation fail:

    Például, ha "Vér Pistike" root engedélyezett SSH-t használ. De meg is érdemli.

    "Értem én, hogy villanyos autó, de mi hajtja?"

    becomes

    For example, if "Blood Pistike" root using SSH enabled. But it deserves.

    "I understand villa certain car, but what is driving?"

    So clearly, this exploit only works if bear is driving! [youtube.com] (How can that be?!)

  • (Score: 2, Informative) by Anonymous Coward on Sunday November 08 2015, @10:47PM

    >>> for example, if "Bloody Steve" is using root-enabled ssh, he deserves it.
    >>> "I understand, that it's an electric car, but what is propelling it?"

    User "trey" says, apparently FreeBSD is also affected.
    All other commenters are mostly discussing how this malware might infect your system and how you can prevent it from touching your files.