A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1 the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.
From Dr.Web Antivirus:
Once launched with administrator privileges, the Trojan dubbed Linux.Encoder.1 downloads files containing cybercriminals’ demands and a file with the path to a public RSA key. After that, the malicious program starts as a daemon and deletes the original files. Subsequently, the RSA key is used to store AES keys which will be employed by the Trojan to encrypt files on the infected computer.
(Score: 2) by kurenai.tsubasa on Sunday November 08 2015, @09:05PM
Also found a Hungarian forum here [hup.hu].
Anybody speak Hungarian in the house? I ran some of the comments through Google Translate, which proves hilariously inadequate. As as I could tell, most of the discussion is about backup strategies and insecure PHP setups that give world write permission (i.e. 777) to /var/www.
This was my favorite translation fail:
Például, ha "Vér Pistike" root engedélyezett SSH-t használ. De meg is érdemli.
"Értem én, hogy villanyos autó, de mi hajtja?"
becomes
For example, if "Blood Pistike" root using SSH enabled. But it deserves.
"I understand villa certain car, but what is driving?"
So clearly, this exploit only works if bear is driving! [youtube.com] (How can that be?!)
(Score: 2, Informative) by Anonymous Coward on Sunday November 08 2015, @10:47PM
>>> for example, if "Bloody Steve" is using root-enabled ssh, he deserves it.
>>> "I understand, that it's an electric car, but what is propelling it?"
User "trey" says, apparently FreeBSD is also affected.
All other commenters are mostly discussing how this malware might infect your system and how you can prevent it from touching your files.