[LINK] Linux version of RansomEXX ransomware discovered
kim at holburn.net
Mon Nov 9 09:19:40 AEDT 2020
> Linux version of RansomEXX ransomware discovered
> This marks the first time a major Windows ransomware strain has been ported to Linux to aid hackers in their targeted intrusions.
> Security firm Kaspersky said today that it discovered a Linux version of the RansomEXX ransomware, marking the first time a major
> Windows ransomware strain has been ported to Linux to aid in targeted intrusions.
> RansomEXX <https://malpedia.caad.fkie.fraunhofer.de/details/win.ransomexx> is a relatively new ransomware strain that was first
> spotted earlier this year in June.
> The ransomware has been used in attacks against the Texas Department of Transportation
> <https://www.bleepingcomputer.com/news/security/new-ransom-x-ransomware-used-in-texas-txdot-cyberattack/>, Konica Minolta
> <https://www.bleepingcomputer.com/news/security/business-technology-giant-konica-minolta-hit-by-new-ransomware/>, US government
> contractor Tyler Technologies
> <https://www.bleepingcomputer.com/news/security/government-software-provider-tyler-technologies-hit-by-ransomware/>, Montreal's
> public transportation system
> <https://www.bleepingcomputer.com/news/security/montreals-stm-public-transport-system-hit-by-ransomware-attack/>, and, most
> recently, against Brazil's court system (STJ) <https://twitter.com/driwaldorf/status/1324434369218519040>.
> RansomEXX is what security researchers call a "*big-game hunter*" or "*human-operated ransomware*." These two terms are used to
> describe ransomware groups that hunt large targets in search for big paydays, knowing that some companies or government agencies
> can't afford to stay down while they recover their systems.
> These groups buy access or breach networks themselves, expand access to as many systems as possible, and then manually deploy
> their ransomware binary as a final payload to cripple as much of the target's infrastructure as possible.
> But over the past year, there has been a paradigm shift into how these groups operate.
> Many ransomware gangs have realized that attacking workstations first isn't a lucrative deal, as companies will tend to re-image
> affected systems and move on without paying ransoms.
> In recent months, in many incidents, some ransomware gangs haven't bothered encrypting workstations, and have first and foremost,
> targeted crucial servers inside a company's network, knowing that by taking down these systems first, companies wouldn't be able
> to access their centralized data troves, even if workstations were unaffected.
> The RansomEXX gang creating a Linux version of their Windows ransomware is in tune with how many companies operate today, with
> many firms running internal systems on Linux, and not always on Windows Server.
> A Linux version makes perfect sense from an attacker's perspective; always looking to expand and touch as much core infrastructure
> as possible in their quest to cripple companies and demand higher ransoms.
> What we see from RansomEXX may soon turn out to be an industry-defining trend, with other big ransomware groups rolling out their
> Linux versions in the future as well.
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link