Ransomware reaches Linux

GoodBytes

Ransomware is a type of malware which locks you out of access to your important data on your system, usually by using strong encryption, and asks you for monetary funds to be paid, in a way that can't be easily traced, to someone with the program which holds the generated decryption key. If you pay, your data is hopefully decrypted. If you don't, or close the program, the decryption key is gone, and your data will remain encrypted.

 

Ransomware has been gaining huge traction with criminals, as it can't be detected by anti-malware, it is easy to make (has a lot of variations), it does maximum damage to users if they don't pay and don't have a backup (which most people, even companies, don't), and due to the value of the data being encrypted, most people pay, bringing the criminals millions of dollars. For example, CryptoLocker is estimated to have brought 3 million U.S. dollars to the criminals before it was taken down by authorities. Cryptowall (another variation) brought 18 million dollars as of June 2015, and increasing.

 

The big appeal for ransomware is companies, as they can more easily pay large sums of money for the ransom in order to get their data back.

 

Due to the great number of Linux-based OS servers, Linux is starting to get traction with criminals.

Now Linux, which was thought to be a safe haven from attacks due to low market share, is being attacked, according to Ars Technica.

 


 

They claim that the anti-virus software company Doctor Web discovered a ransomware, dubbed "Linux.Encoder.1" by the company, which targets web servers, seeking SQL databases by specifically looking for Apache or Nginx installations and MySQL, and takes action. Many of the systems that have been affected by the malware were infected via a vulnerability in the Magento CMS. The good news is that Magento released a security update patching the vulnerability on October 31st.

 

Many of the systems that have been affected by the malware were infected when attackers exploited a vulnerability in the Magento CMS. A critical vulnerability patch for Magento, which is used to power a number of e-commerce sites, was published on October 31. Doctor Web researchers currently place the number of victims in the "at least tens" range, but attacks on other vulnerable content management systems could increase the number of victims dramatically.

 

In order to run the malware, it needs to be executed as administrator. While it seems like a non-issue, systems were infected. We don't know if the malware was able to get through, or if it was due to the poor/incorrect setup of the server.

 


In order to run, the malware has to be executed with administrator-level privileges. Using 128-bit AES crypto, the malware encrypts the contents of all users' home directories and any files associated with websites running on the systems. It then goes through the whole directory structure of mounted volumes, encrypting a variety of file types. In each directory it encrypts, it drops a text file called README_FOR_DECRYPT.txt. This demands payment and provides a link to a Tor "hidden service" site via a Tor gateway.

 

Source: http://arstechnica.com/security/2015/11/new-encryption-ransomware-targets-linux-systems/

 

Now the question is, will the companies affected be aware of the patch, and will they apply the update?

Also, while this is potentially the first attack (at least the first found), it does show that Linux-based OSes aren't a safe haven from such attacks. It is only a question of time before attacks on Linux-based OSes grow.
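A defender-side check for the two indicators the quoted report describes (a README_FOR_DECRYPT.txt note dropped in each encrypted directory, and file contents replaced by AES ciphertext), as an added example that is not part of the original post or of Doctor Web's analysis. The entropy threshold, the 4 KiB sample size and the constructed demo tree are assumptions made for the example.

```python
import math
import os
import tempfile
from pathlib import Path

RANSOM_NOTE = "README_FOR_DECRYPT.txt"  # note name reported by Doctor Web (see post above)
ENTROPY_THRESHOLD = 7.5  # bits/byte; assumption: ciphertext sits near 8.0, source/text near 4-5

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def scan_tree(root: str, sample_bytes: int = 4096) -> dict:
    """Walk a tree; report directories holding the ransom note and files whose leading bytes look encrypted."""
    note_dirs, high_entropy = [], []
    for dirpath, _dirs, files in os.walk(root):
        if RANSOM_NOTE in files:
            note_dirs.append(dirpath)
        for name in files:
            if name == RANSOM_NOTE:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(sample_bytes)
            except OSError:  # unreadable file: skip it rather than abort the whole scan
                continue
            # tiny samples give noisy entropy values, so require a minimum size first
            if len(sample) >= 256 and shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                high_entropy.append(path)
    return {"note_dirs": sorted(note_dirs), "high_entropy": sorted(high_entropy)}

def build_demo_tree() -> str:
    """Constructed sample tree (assumption, not a real infection): one clean web dir, one hit home dir."""
    root = tempfile.mkdtemp(prefix="encoder_demo_")
    clean = Path(root, "var", "www", "clean")
    hit = Path(root, "home", "alice")
    clean.mkdir(parents=True)
    hit.mkdir(parents=True)
    (clean / "index.php").write_bytes(b"<?php echo 'hello world'; ?>\n" * 40)
    (hit / "notes.txt").write_bytes(os.urandom(4096))  # random bytes stand in for AES output
    (hit / RANSOM_NOTE).write_text("constructed placeholder ransom note\n")
    return root
```

Running scan_tree over a real server root (and over mounted volumes, which the report says the malware also walks) gives a quick first triage list; high-entropy hits need a second look, since legitimate compressed or already-encrypted files trip the same check.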


Scary stuff :c

"In order to run the malware, it needs to be execute  as administrator, " - Administrator says denied lol.

Malware can get around anything.

Poor Linux Elitists.. Now they can't spout "BUT IT CAN'T GET VIRUSES!1!!!11!"

 

It was bound to happen.

Knowledgeable Linux users don't say that; Linux is just less virus-prone, and that is still the case even after the ransomware.

Give it a week; more than likely Red Hat or Debian will have a fix. They have some extremely talented devs and hackers in their ranks, but of course security is an ever-evolving planet.

Thing is, people think distros are more secure than Windows OOB, which can be true; it depends on the user. Windows can be made to be harder than Linux, and vice versa; it's all about the user :)

Don't worry, at least we have more chance of survival than most Windows users :P

"In order to run the malware, it needs to be execute  as administrator, " - Administrator says denied lol.

This is true for OS X and Windows. I mean really... At least the average Linux user is less idiotic than the average PC user in general, so ofc they are less susceptible to stupid.

Well it's a good thing I use good passwords and don't hand out root access to every program I run.

Also check out firejail. It's a program that puts other programs in sandboxes.

There's also QubesOS, which runs every program in a VM. That approach might not be practical to some though.

Remember, just because GNU/Linux has a virus doesn't mean it's insecure.

Also got to love the Windows guys here saying that Windows is somehow awesome because of this or that it's somehow more secure than GNU/Linux. Good way to make me laugh.

Poor Linux Elitists.. Now they can't spout "BUT IT CAN'T GET VIRUSES!1!!!11!"

 

It was bound to happen.

Reminds me of everyone that used to say that about Apple.

Remember, just because GNU/Linux has a virus doesn't mean it's insecure.

But it also means it's just as susceptible as any other OS and its lack of market share is the only thing protecting it.

But it also means it's just as susceptible as any other OS and its lack of market share is the only thing protecting it.

That and the general design of UNIX/UNIX-like OSs in general. The permissions system alone along with limited user access (you can disable access to sudo on accounts completely) means it is more secure than Windows by design.

This applies to Mac OS X as well, since it is based on FreeBSD.

Not to mention the fact that bugs are resolved much faster on GNU/Linux due to the nature of libre (open source) software. Remember Heartbleed? A bugfix was released right away. With Windows, you'd be lucky if a bugfix was released with the next version, unless Microsoft gets a ton of bad PR that is.

Server admin just shrugs, wipes the drive, and restores from a backup.

Poor Linux Elitists.. Now they can't spout "BUT IT CAN'T GET VIRUSES!1!!!11!"

 

It was bound to happen.

 

This isn't a virus. But actually we've had malware on Linux for a while if you count Android. Unlike Android however, Linux can be easily patched, often on the fly without fully restarting a server.

This is why you keep backups: you can just dump everything on that drive if you stored a backup, and you will only be mildly annoyed in comparison to screwed.

"In order to run the malware, it needs to be execute  as administrator, " - Administrator says denied lol.

 

"Why GNU/Linux Viruses are fairly uncommon" from Charlie Harvey

evilmalware 0.6 (beta)

Copyright 2000, 2001, 2003, 2005 E\/17 |-|4><0|2z Software Foundation, Inc.

This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY, COMPLETE DESTRUCTION OF IMPORTANT DATA or FITNESS FOR A PARTICULAR PURPOSE (eg. sending thousands of Viagra spams to people across the world).

Basic Installation

Before attempting to compile this virus make sure you have the correct version of glibc installed, and that your firewall rules are set to ‘allow everything’.

  1. Put the attachment into the appropriate directory eg. /usr/src.
  2. Type ‘tar xvzf evilmalware.tar.gz’ to extract the source files for this virus.
  3. ‘cd’ to the directory containing the virus' source code and type ‘./configure’ to configure the virus for your system. If you're using ‘csh’ on an old version of System V, you might need to type ‘sh ./configure’ instead to prevent ‘csh’ from trying to execute ‘configure’ itself.
  4. Type ‘make’ to compile the package. You may need to be logged in as root to do this.
  5. Optionally, type ‘make check_payable’ to run any self-tests that come with the virus, and send a large donation to an unnumbered Swiss bank account.
  6. Type ‘make install’ to install the virus and any spyware, trojans, pornography, penis enlargement adverts and DDoS attacks that come with it.
  7. You may now configure your preferred malware behaviour in /etc/evilmalware.conf.

SEE ALSO evilmalware(1), evilmalware.conf(5), please_delete_all_my_files(1)

Other humor in the GNU Humor Collection.

This makes me chuckle a bit when I think of the Linux fanboys bashing Windows 10 citing security as their number one reason. That said, an external HDD is considerably cheaper than forking over hundreds of thousands to some nerd caked in Dorito crumbs.

welp

there goes the excuse of linux being safer than windows

Well it still is. And until Linux reaches that 51% market share it will continue to be. (sort of)

Issue is the people who think Linux is just this "invulnerable OS that can't get infected" or the people who use this kind of article to say that Linux is bad. :/

 

I was actually expecting something big like this before Christmas, although I had not guessed it to be ransomware.

In order to run the malware, it needs to be executed as administrator

When you execute a sketchy program as administrator, then it stops being a virus. It is pure stupidity.

/thread

When you execute a sketchy program as administrator, then it stops being a virus. It is pure stupidity.

/thread

And yes it managed to infect many systems.

Also, it is not a virus, it is malware.

 

It exploited a Magento CMS vulnerability, which allowed the malware to not only inject itself, but be run by Magento CMS as administrator on the system. That is how it gained admin access.
