Linux ransomware has only been in the spotlight for a couple of months but it has already gone through a couple of development lifecycles, proving that malware coders are really interested in continuing to improve it.
Following the same business model established by its Windows counterpart, Linux ransomware encrypts local files and demands bitcoin payment to restore access to them.
However, while Windows has been the target of continuous attacks, Linux threats have been somewhat fewer and not always that difficult to identify and remove. Fortunately, removing Linux.Encoder – all four versions of the Linux ransomware – proved to be just as uncomplicated.
What’s the big deal with Linux Ransomware?
The big deal with Linux ransomware is that most of the internet runs on Linux machines. Hosting companies often use Linux-powered machines to host multiple websites from multiple clients. Storage sharing businesses also rely on Linux, and organizations often use Linux for financial, performance and maintenance reasons.
Overall, Linux is quite the cornerstone when it comes to enjoying what we call “the internet”, and having it brought to its knees by ransomware not only raises security concerns, but also serious questions over what will happen to the internet as we know it. Another big thing is that infecting Linux-running machines is entirely automated, meaning that unpatched or vulnerable systems can be compromised and infected with ransomware without anyone clicking on an infected email attachment or URL.
Imagine a power outage in your neighbourhood caused by bad weather. Because the power network was not properly shielded or protected from weather conditions, the entire neighbourhood goes dark. That’s pretty much the case with Linux-running machines that host multiple clients. If the host machine gets infected, all clients could have their data encrypted.
Where’s it all heading?
Ransomware has been plaguing the Windows operating system for years now, generating revenue in the millions – $325 million is the latest estimate – and has reached Android, Mac and even Linux.
Predicting that 2016 will be the year of ransomware, Bogdan Dumitru, Bitdefender’s Chief Technology Officer, estimated that ransomware will not only be compatible with all major operating systems – mobile or not – but that cybercriminals will also invest more time and resources into making it more difficult to combat.
While the Linux ransomware developers made some mistakes in the way they built the encryption mechanism for their samples – here’s the Linux.Encoder decryption tool if you were unlucky enough to get infected – it’s safe to assume they’ll continue development and come up with improved variants that make it difficult for security companies to nail down.
This article is brought to you in association with Bitdefender