
Encryption can keep your information private and your files safe from prying eyes, but it can also be turned against you. In recent years, online criminals have been using a class of malware called ransomware to extract money from victims by encrypting their files and holding them ransom. As if that wasn't bad enough, security researchers have now identified a new strain of ransomware that targets Linux-based web servers, holding an entire website hostage until the owner pays up.

The ransomware is currently being called "Linux.Encoder.1," and security firm Doctor Web has reportedly seen it hit only a handful of websites so far. Victims currently number "at least tens," but each time it locks down a website, it demands one Bitcoin in payment. With the recent uptick in value, that's about $500.

Many of the infected systems were accessed through a vulnerability in the Magento CMS. A patch was issued to close this security hole on October 31st, but not all users will get the new version installed right away. The funds from the first wave of attacks could also be used to purchase a previously undisclosed exploit, which could widen the scope of attacks.

Like other ransomware schemes, after Linux.Encoder.1 gains access to a web server, it encrypts all the mounted volumes and encrypts a variety of file types with an RSA-2048 key that cannot be duplicated by the user. The malware seeks out Apache, MySQL, and Nginx installations on the server before going to work, thus ensuring it locks important files that someone will want back. It goes after files like Windows executables, program libraries, JavaScript documents, and more.

[Image: ransomware]

In each directory it encrypts, Linux.Encoder.1 helpfully leaves a text file called README_FOR_DECRYPT.txt (see above). This is the ransom note. It explains that the contents of the server are encrypted, and in order to recover the files, you'll need to pay one Bitcoin to the attackers at a specific Bitcoin address. It provides an address linked to a deep web site using a Tor2web redirect.
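Because the note is dropped in every directory the malware encrypts, its filename works as a simple indicator for scoping an incident. The sketch below is an added example, not code from the article or from Doctor Web: it walks a directory tree, lists the directories that contain the note, and reports the earliest note timestamp as a rough estimate of when encryption began. The function names and the sample tree are constructed for illustration, and file modification times are assumed to be untampered.

```python
import os
import tempfile
from datetime import datetime, timezone

NOTE_NAME = "README_FOR_DECRYPT.txt"  # ransom note filename given in the article


def find_ransom_notes(root):
    """Return {directory: note mtime} for every directory under root holding the note."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        if NOTE_NAME in filenames:
            note = os.path.join(dirpath, NOTE_NAME)
            try:
                hits[dirpath] = os.lstat(note).st_mtime
            except OSError:
                continue  # note vanished or is unreadable; skip it
    return hits


def summarize(hits):
    """Summarize hits: affected directory count and earliest note timestamp (UTC)."""
    if not hits:
        return {"affected_dirs": 0, "first_note_utc": None}
    first = min(hits.values())
    return {
        "affected_dirs": len(hits),
        "first_note_utc": datetime.fromtimestamp(first, tz=timezone.utc).isoformat(),
    }


def build_sample_tree(base):
    """Constructed sample: a fake web root where two of three directories hold a note."""
    layout = {"html": 1_446_700_000, "html/media": 1_446_700_060, "logs": None}
    for rel, mtime in layout.items():
        d = os.path.join(base, rel)
        os.makedirs(d, exist_ok=True)
        if mtime is not None:
            note = os.path.join(d, NOTE_NAME)
            with open(note, "w") as fh:
                fh.write("constructed placeholder note\n")
            os.utime(note, (mtime, mtime))  # fixed timestamps for a repeatable result
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(summarize(find_ransom_notes(build_sample_tree(tmp))))
```

The earliest timestamp helps choose a backup taken before the first directory was touched; treat it as an estimate, since modification times can be altered.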

If the victim pays up, the attackers say they'll provide the decryption key to access all the locked files. That, of course, assumes you believe they will follow through. This process is less sophisticated than some previous ransomware attacks, and the files in question might be of greater commercial value. That makes it more likely owners of the web servers will pay the ransom. The best way to avoid being scammed by this malware is to keep your security up to date and keep a backup of your important server files stored in a different location.