Linux Ransomware Debut Fails on Predictable Encryption Key (Bitdefender Labs)
Bitdefender Labs takes
a look at Linux.Encoder.1 ransomware. "Linux.Encoder.1 is
executed on the victim’s Linux box after remote attackers leverage a flaw
in the popular Magento content management system app. Once executed, the
Trojan looks for the /home, /root and /var/lib/mysql folders and starts
encrypting their contents. Just like Windows-based ransomware, it encrypts
the contents of these files using AES (a symmetric key encryption
algorithm), which provides enough strength and speed while keeping system
resource usage to a minimum. The symmetric key is then encrypted with an
asymmetric encryption algorithm (RSA) and is prepended to the file, along
with the initialization vector used by AES." Once the files are
encrypted, the hackers demand a fee in exchange for the RSA private key to
decrypt the AES symmetric one. However, Bitdefender researchers were able
to recover the AES key without having to decrypt it with the RSA private
key. One can also thwart this threat with some good backups. (Thanks to Richard Moore)
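The following is an added illustration, not Bitdefender's analysis or the malware's code, of why a predictable AES key defeats the scheme above: if the key bytes come from a PRNG seeded with something an analyst can bound (a timestamp is assumed here purely for illustration; the page does not say how the key was predictable), the key can be replayed without ever touching the RSA-wrapped copy. The RSA wrapping is omitted because it plays no part in the recovery; AES-GCM's tag check is used to tell a correct guess from a wrong one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	mrand "math/rand"
)

// weakKey models the flaw: every key byte comes from a PRNG seeded with a
// timestamp, so anyone who can bound the timestamp can enumerate the keys.
// (Assumed derivation for illustration only.)
func weakKey(seed int64) []byte {
	r := mrand.New(mrand.NewSource(seed))
	key := make([]byte, 32)
	for i := range key {
		key[i] = byte(r.Intn(256))
	}
	return key
}

// strongKey draws the key from the OS CSPRNG; there is no seed to guess.
func strongKey() []byte {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return key
}

// seal encrypts data with AES-256-GCM and returns nonce||ciphertext,
// i.e. the "IV prepended to the file" layout described above.
func seal(key, data []byte) []byte {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, data, nil)
}

// unseal reverses seal; ok is false when the key is wrong (tag mismatch).
func unseal(key, blob []byte) ([]byte, bool) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, false
	}
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, false
	}
	pt, err := gcm.Open(nil, blob[:n], blob[n:], nil)
	return pt, err == nil
}

// recoverKey replays every seed in [lo, hi] and returns the first key that
// authenticates the blob, with no RSA private key involved.
func recoverKey(blob []byte, lo, hi int64) ([]byte, bool) {
	for s := lo; s <= hi; s++ {
		if k := weakKey(s); func() bool { _, ok := unseal(k, blob); return ok }() {
			return k, true
		}
	}
	return nil, false
}
```

A two-hour seed window is a few thousand AES key schedules, which is why a time-derived key offers no real protection; a key from strongKey has no window to search.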