{"id":145543,"date":"2015-11-10T11:34:06","date_gmt":"2015-11-10T09:34:06","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=145543"},"modified":"2015-11-10T11:36:07","modified_gmt":"2015-11-10T09:36:07","slug":"new-encryption-ransomware-targets-linux-servers","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/145543-new-encryption-ransomware-targets-linux-servers.html","title":{"rendered":"New encryption ransomware targets Linux servers"},"content":{"rendered":"<p>Doctor Web has <strong><a href=\"https:\/\/news.drweb.com\/show\/?i=9686&amp;lng=en&amp;c=5\" target=\"_blank\">issued a warning<\/a><\/strong>\u00a0about a new piece of ransomware that is targeting Linux web server administrators, called Linux.Encoder.1.<\/p>\n<p>The malicious software exploits the Magento content management system to gain entry to a system.<\/p>\n<p>Once the trojan is on a Linux machine and launched with root privileges, Linux.Encoder.1 downloads files containing the attackers\u2019 demands, and a file with the path to a public RSA key.<\/p>\n<p>From there it encrypts files in home directories and directories related to website administration. It may also target other directories, with attackers able to specify what the trojan should encrypt.<\/p>\n<p><strong><a href=\"http:\/\/arstechnica.com\/security\/2015\/11\/new-encryption-ransomware-targets-linux-systems\/\">Ars Technica reported<\/a><\/strong> that the malicious software scans the system for Apache, Nginx, and MySQL installations.<\/p>\n<p>It also looks for log directories and the location of webpage contents before going after a variety of file types such as SQL, Java, JavaScript, and document files.<\/p>\n<p>It also goes after Windows files such as executables, program libraries, and Active Server Pages (.asp).<\/p>\n<p>A ransom of\u00a01 Bitcoin (R5,400) is asked of the victims, after which the required private key will be sent to them. 
&#8220;Without this key, you will never be able to get your original files back,&#8221; state the attackers.<\/p>\n<p>The attackers then proceed to give a Bitcoin wallet key, along with a link to a Tor hidden service site via a Tor gateway.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux server admins are the target of a new form of ransomware that encrypts a server\u2019s files and then sells them the key to unlock 
them.<\/p>\n","protected":false},"author":23,"featured_media":145549,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[36,10486,1799],"class_list":["post-145543","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-active","tag-dr-web","tag-linux"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/145543"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=145543"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/145543\/revisions"}],"predecessor-version":[{"id":145557,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/145543\/revisions\/145557"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/145549"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=145543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=145543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=145543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}