New encryption ransomware targets Linux servers
Doctor Web has issued a warning about a new piece of ransomware, called Linux.Encoder.1, that targets Linux web server administrators.
The malicious software exploits the Magento content management system to gain entry to a system.
Once launched with root privileges on a Linux machine, Linux.Encoder.1 downloads files containing the attackers’ demands and a file with the path to a public RSA key.
From there it encrypts files in home directories and directories related to website administration. It may also target other directories, with attackers able to specify what the trojan should encrypt.
Ars Technica reported that the malicious software scans the system for Apache, Nginx, and MySQL installations.
It also looks for log directories and the location of webpage contents before going after a variety of file types such as SQL, Java, JavaScript, and document files.
It also goes after Windows files such as executables, program libraries, and Active Server Pages (.asp).
Victims are asked to pay a ransom of 1 Bitcoin (R5,400), after which the required private key will be sent to them. “Without this key, you will never be able to get your original files back,” state the attackers.
The attackers then proceed to give a Bitcoin wallet key, along with a link to a Tor hidden service site via a Tor gateway.