Linux Security Exploit Demands $500 Ransom to Decrypt Files
Ransomware is not something with which users of Linux-based PCs and servers have traditionally had to contend. But a few are this week in the wake of a new security exploit that demands $500 to decrypt files on computers running the open source OS.
The exploit, called Linux.Encoder.1, targets “website administrators whose machines have web servers deployed,” according to Dr.Web, which announced the vulnerability.
The attack works by encrypting files in users’ home directories, where personal data is usually stored, along with other specific types of files in various locations on the system that are associated with Web servers and databases.
The program, which apparently takes control of systems by exploiting a vulnerability in the Magento ecommerce platform, also leaves a note in the form of a text file that instructs users that they must pay a ransom in Bitcoin equivalent to about $500 to have their files decrypted. According to reports online, the ransomware does actually decrypt files after users pay the ransom.
Practically speaking, the threat from this ransomware is minimal. Dr.Web says it believes that “at least tens” of users have been affected by Linux.Encoder.1 so far, which suggests that this is not a massive exploit that is going to sweep across the open source ecosystem.
Moreover, the fact that it seems to target machines that are used as Web servers, not personal computers, means it’s unlikely that much personal data will be lost if it encrypts home directories. No good Web server administrator stores lots of personal information on the same machine that hosts websites, at least not today.
Most important, Bitdefender has already announced that the encryption key that the ransomware uses to hold data hostage can be defeated without paying the ransom. As malware goes, Linux.Encoder.1 seems to be the work of an amateur.
Still, Linux.Encoder.1 is notable given the rarity of security exploits like this on Linux systems. Linux users have long enjoyed the privilege of not having to think much about security, largely because the small size of the Linux community has made it an unattractive target for attackers. But whoever is behind this ransomware apparently sees things differently.