New Ransomware Virus Targets Linux Servers
While the Linux operating system is generally ignored in ransomware attacks, a new version of malicious code named Erebus is designed to lock up and hold hostage servers running Linux distributions.
The new ransomware appears to have originated in South Korea, and criminals using Erebus have already extorted Nayana, a South Korean web hosting provider, out of $1 million US dollars in an attack from late June. At the time it was unknown what code was used, but new details have emerged.
The attackers demanded payment in the form of Bitcoin, which has become a popular method of payment in randomware attacks due to its relative anonymity and digital nature.
Erebus, according to a report from The Merkle, is a family of ransomware exploits first developed in 2016 that until now only targeted Windows environments. This new version is designed for Linux, and attacks have been successful on servers running older distributions. The affected computers from Nayana were running on a version of Linux from 2008. It is unknown if current releases are threatened.
IT security firm Trend Micro has analyzed several versions of Erebus code and has provided some information. The ransomware is loaded through clicking on what is known as “malvertisements,” web ads that transmit malicious code. It is initiated when the infected computer is restarted, and encrypts the computer’s files using the RSA-2048 protocol, which is currently considered uncrackable. It then displays a “ransom note” on the screen demanding payment within 96 hours or the files will be deleted. Depending on the version, payments range from 0.085 Bitcoin ($2128.02 as of July 26th, 2017) to the $1 million amount paid out by Nayana.
The newest version released demands 5 Bitcoins, which is currently about $12,500 US dollars. To minimize risk, Trend Micro has suggested that operators keep servers up to date and minimize installation of third-party software. Ad blockers are also recommended, but it is unknown if they completely prevent attacks.