A new piece of ransomware has appeared recently, dubbed “Linux.Encoder.1”. It targets Linux-based websites, that is, websites running on the Linux operating system.
What is ransomware?
Ransomware is malicious code that discreetly scrambles all the documents and files on the user’s infected system with very strong encryption.
What happens next?
A ransom will be demanded from the infected user. The ransom is to be paid in Bitcoin.
Once you pay the ransom, you will get a key to restore your files to the way they were before the ransomware attack, by using a public RSA key to decrypt your files.
How does Linux.Encoder.1 work?
The attackers have now turned their attention to websites and have started holding a site’s data (files, images, etc.) for ransom from the site owners. The malware is usually injected into websites through vulnerabilities in site plugins or third-party software. For the malware to work, the targeted user’s Linux OS account must be an administrator account. Once the malware has access to the host machine, it starts encrypting all of the files on the system, from the home directory and also from backup directories, associated with the website: files, images, scripts, etc.
The message that appears on the infected system says that if the demanded Bitcoin ransom is not paid, the files on your system will be released on the internet.
At present, when this malware was inspected by the products on Google’s VirusTotal.com, it was found to have almost zero detection.
So, to keep website data secure, users should beware of these ransomware attackers and protect their system data by keeping backups. Since this malware searches for other network or file shares connected to the targeted machine, it would be wise to keep the backup disconnected from the system.
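One way to audit the backup advice above, as an added example that is not part of the original article: it reads a mount table in /proc/mounts format and reports which backup directories a process on the web server could still overwrite. The paths, host names and the NETWORK_FS list are constructed for illustration.

```python
import os

# File-system types that are network shares (assumed list, extend as needed).
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3", "fuse.sshfs"}

# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/backup ext4 rw,noatime 0 0
//nas01/site /mnt/nas cifs rw,vers=3.0 0 0
nas02:/archive /mnt/archive nfs4 ro,relatime 0 0
"""

def parse_mounts(text):
    """Parse /proc/mounts-style text into (mount point, fstype, options)."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # /proc/mounts writes a space inside a path as \040
            mountpoint = fields[1].replace("\\040", " ")
            mounts.append((mountpoint, fields[2], set(fields[3].split(","))))
    return mounts

def mount_for(path, mounts):
    """Return the entry with the longest mount point that contains path."""
    path, best = os.path.normpath(path), None
    for entry in mounts:
        prefix = entry[0].rstrip("/") + "/"
        if (path + "/").startswith(prefix):
            if best is None or len(entry[0]) >= len(best[0]):
                best = entry
    return best

def exposed_backups(web_root, backup_dirs, mounts_text):
    """Map each backup dir that code on this host can overwrite to the reason."""
    mounts = parse_mounts(mounts_text)
    site = mount_for(web_root, mounts)
    findings = {}
    for path in backup_dirs:
        entry = mount_for(path, mounts)
        if entry is None or "ro" in entry[2]:
            continue  # not in the mount table, or mounted read-only
        if entry == site:
            findings[path] = "same filesystem as the web root"
        elif entry[1] in NETWORK_FS:
            findings[path] = "network share mounted read-write"
        else:
            findings[path] = "local disk mounted read-write"
    return findings
```

On a live server, pass the contents of /proc/mounts as `mounts_text`. Backup media that is detached has no entry in the mount table, so it is never reported.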