Future Linux Ransomware Ransacking the Internet

By Liviu Arsene on Nov 25, 2015

The recent discovery of Linux ransomware dubbed Linux.Encoder raised serious questions about the safety of the internet. More than 97 percent of web servers run some Linux OS distribution, and the new threat of Linux ransomware brings with it a whole new element to the danger.

Until now, ransomware was seen as only a problem Windows users had to deal with, and other operating systems – Linux included – were considered immune to the threat. By sheer luck, the first-ever reported version of Linux ransomware was buggy to begin with, allowing security firm Bitdefender to quickly develop an antidote.

 

Getting some perspective on things

While the average user might not be aware of this, every online search and every visited website is in some way dependent on Linux-based servers, mainframes, and even supercomputers. Linux plays a vital role in doing the heavy lifting for what we call the internet and has been embedded into everything from firmware distributions to routers, smartphones, and even video game consoles.

Envisioning a world without Linux is truly the stuff of nightmares, and The Linux Foundation did a great job of showing it in a short video. Every search engine – besides Bing.com and Live.com, which belong to Microsoft and run Windows Server – runs some type of Linux distribution.

Every webpage we visit is hosted on a Linux server and every Linux server has shared hosting for serving more than one website, so some serious security implications come to mind when taking a closer look at this recent Linux ransomware incident.

Windows ransomware has turned out to be highly lucrative, as it has been estimated that a single ransomware-disseminating exploit kit could generate $60 million per year. So what would happen if the Linux OS was targeted next?

 

If worst comes to worst

Before going into the worst possible scenario involving Linux ransomware, ask yourself a couple of questions. One of them has to do with shared hosters that don’t isolate websites. For example, a single corrupted website could spread the infection to all hosted websites, regardless of how secure they are.

With countless websites hacked every day and used to disseminate spam, host phishing or rogue advertising websites, most victims have no idea they have been compromised, let alone the ability to pinpoint the time when it happened.

As WordPress is one of the most popular CMS (Content Management System) platforms on the internet, it is also one of the most prone to attacks. One of the most common methods for breaching it involves exploiting outdated plugins and WordPress distributions. So, how many of you actually have both of these updated as soon as newer versions become available? If the answer is “once every now and again” or “why fix it if it isn’t broken,” then you might be the unfortunate – or fortunate, if you are on the attacker’s side – victim that will have to pay a ransom to get back your files once you’re hit with a more potent version of this Linux ransomware.

 

Consider this a free lesson

Hackers or malware developers rarely make mistakes as significant as they did with the encryption algorithm for Linux.Encoder. Trivial or not, the fact that ransomware is now targeting Linux systems is of serious concern. However, those affected by this particular strain can download the Bitdefender decryption tool for Linux.Encoder.1 that will restore all encrypted files to their original state.

Future variants will likely learn from their Windows counterparts and include a Command and Control server, generating unique encrypting/decrypting keys for each instance, making it just as painstakingly difficult to deal with as Windows ransomware.

 

Ransacking the Internet

With the internet itself built on top of Linux, it’s not hard to speculate that, if future variants of the Linux.Encoder were to include some “upgrades,” the entire internet could be held for ransom.

This would probably be a good time to start patching our Linux systems, making backups for critical data – don’t forget to keep them off-site – and playing our part in making the internet a safer place.

The alternative would be to start saving now for when you’ll be hacked and ransomed, because not only will you have to dig deep in your pockets in return for a promise to get your data back, you might do it several times.

 

Author: Liviu Arsene

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact in critical public and private business infrastructures. His passions revolve around innovative technologies and gadgets, focusing on their security applications and long-term strategic impact.