Ransomware is a particularly nasty piece of malware that has become even more popular in recent years. Initially, malware was designed to just disrupt or damage a person’s computers or files. Then came ransomware, designed to benefit the creator by either disturbing or denying access to their files the ransomware then offers to decrypt any nastily encrypted files using the only available key online by a set date if you pay them. It would seem that Linux users are the latest target with Linux.Encoder.1 targeting the operating system.
Targeted at a vulnerability in the Magneto CMS system, popular amongst e-commerce sites, and then once run with administrator-level privileges, will encrypt the user’s home directories and any files that could be associated with websites and hosting websites on the system. This is particularly lethal to stores which make their living through online selling, potentially knocking the site offline and costing them hundreds in one fell swoop.
After encrypting a directory, the system leaves a readme file, stating the terms for payment and offering a link to the Tor-protected gateway to make the payment of one bitcoin (a digital currency that comes in at around £250).
Once it has received the payment the malware will then decrypt the files, deleting both the readme file and the encrypted files during the process.
We would like to remind people to be careful when running any software or opening files sent or downloaded from the internet. Ransomware use is on the rise and we wish that our readers (and everyone else) never has to deal with being one of its victims.