Tuesday, 24 November 2015

New Linux Ransomware Variant Uses OpenSSL

Researchers have discovered a new variant of ransomware that encrypts Linux web servers. Linux.Encoder.2, as this variant is called, actually appeared earlier than Linux.Encoder.1, about which a warning was issued in early November. The second variant is believed to have been used in September and October.

The attackers deliberately target WordPress websites and web shops running on Magento. Exactly how the attackers gain entry is not yet known, according to the Russian anti-virus company Doctor Web. Once access to the server is obtained, files are encrypted and victims get a message that they have to pay. One difference between the first and second variant is the use of OpenSSL instead of PolarSSL. Why the creators of the ransomware changed the SSL library is unknown.

Like the first variant, the second variant can also be decrypted, so victims do not have to pay. However, the decryption tools do not remove the shell script from the infected server. Thus, the attackers can infect the server again. Victims are advised to call the police, not to change the contents of encrypted directories and not to delete files from the server.
