Linux Ransomware is Now Attacking Webmasters

Accepted submission by Arthur T Knackerbracket at 2015-11-07 15:17:23
Security

Story automatically generated by StoryBot Version 0.1.0a (Development).

Note: This is the complete story and will need further editing. It may also be covered by Copyright and thus should be acknowledged and quoted rather than printed in its entirety.

FeedSource: feedproxy.google.com collected from rss-bot logs

Time: 2015-11-06 20:54:51+00:00 UTC

Original URL: http://techcrunch.com/2015/11/06/linux-ransomware-is-now-attacking-webmasters/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29 [techcrunch.com]

Title: Linux Ransomware Is Now Attacking Webmasters

Suggested Topics by Probability (Experimental) : 13.5 OS 11.5 science 11.5 mobile 11.5 hardware 11.5 code 9.6 digiliberty 7.7 techonomics 5.8 business 3.8 technomics 3.8 careersedu 3.8 breaking 1.9 software 1.9 security 1.9 careers

--- --- --- --- --- --- --- Entire Story Below --- --- --- --- --- --- ---

Linux Ransomware Is Now Attacking Webmasters

Arthur T Knackerbracket has found the following story [techcrunch.com]:

A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1 [drweb.com], the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.

From Dr.Web Antivirus [drweb.com]:

Once launched with administrator privileges, the Trojan dubbed Linux.Encoder.1 downloads files containing cybercriminals’ demands and a file with the path to a public RSA key. After that, the malicious program starts as a daemon and deletes the original files. Subsequently, the RSA key is used to store AES keys which will be employed by the Trojan to encrypt files on the infected computer.

First, Linux.Encoder.1 encrypts all files in home directories and directories related to website administration. Then the Trojan recursively traverses the whole file system starting with the directory from which it is launched; next time, starting with a root directory (“/”). At that, the Trojan encrypts only files with specified extensions and only if a directory name starts with one of the strings indicated by cybercriminals.

Once you pay the ransom, the system receives a signal to traverse the directories again to decrypt the files. The malware requires administrator privileges to run and, presumably, a sysadmin who would allow for such a program to run unbridled. The team recommends backing up all data and keeping all files in place if you’re attacked until researchers create a decryption system.

