At this point, the attacker typically copies the malicious executable to a local directory such as the Temp folder and then terminates and removes the script. Once in the target environment, the ransomware operator “phones home” to download a hidden executable by connecting to a predefined list of IP addresses that host the command-and-control (C2) server. Rex, another dangerous strain of Linux ransomware, uses vulnerability scanners specific to Drupal, WordPress, Magento, Kerner, Airos, Exagrid, and Jetspeed to detect SQL injection vulnerabilities that can be exploited to gain admin credentials. For instance, the infamous Lilocked ransomware exploits out-of-date versions of the Exim message transfer agent to gain a foothold in a target environment. Linux ransomware exploits either unpatched system vulnerabilities or flaws in a service, such as a web server or email server, to obtain access to a target system and compromise files. Unlike Windows ransomware variants which spread via email or maladvertising, Linux ransomware infection relies on vulnerability exploitation.
Let’s take a closer look at the anatomy of a Linux ransomware attack, broken down step-by-step, to help you gain a more thorough understanding of this growing threat to your systems and your data. Ransomware attacks targeting Linux systems are generally carried out in a series of clearly-defined steps, beginning with the exploitation of one or multiple unpatched vulnerabilities and ending with a payday for the attackers. Linux ransomware can be characterized by the sophistication and diversity of the tactics, methods and techniques that it employs to compromise systems and generate profits for its operators. In this article, we’ll examine the anatomy of a Linux ransomware attack, explore the magnitude of the ransomware risk Linux users face compared to Windows users and offer some tips and advice for protecting against Linux ransomware. Although ransomware variants that target Linux devices are still in the minority, Linux ransomware has proven to be diverse and sophisticated in its distribution techniques and extortion methods. While 85% of ransomware attacks target Windows systems, Linux is becoming an increasingly popular target due to the high value of the devices it powers - namely, servers that administer enterprise and government networks, web services and massive databases owned by organizations that can afford to pay to have operations and critical data restored after an attack.
Through a combination of advanced encryption and effective extortion mechanisms, a ransomware attack can have devastating consequences for any victim including data loss, reputation harm, recovery costs and significant downtime. Ransomware has dominated cybersecurity news headlines for the past decade, and for good reason.
0 kommentar(er)
