Kaspersky: We identified new ransomware targeting Linux-based systems
It is a Linux version of RansomEXX. According to the company, a number of victims have fallen victim to the malware since the beginning of the year
Ami Rojkes Dombe
| 09/11/2020
Photo: Bigstock
New ransomware built as an ELF executable file is intended to encrypt data on machines based on Linux operating systems. "After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion, which suggested that we had in fact encountered a Linux build of the previously known ransomware family RansomEXX," said a post on Kaspersky's Securelist blog. "This malware is notorious for attacking large organizations and was most active earlier this year."
RansomEXX is a targeted Trojan. Each sample of the malware contains a hardcoded name of the victim organization. Moreover, both the encrypted file extension and the email address for contacting the extortionists make use of the victim’s name. Several companies have fallen victim to the malware in recent months including the Texas Department of Transportation (TxDOT) and Konica Minolta, according to the blog post.
It is a Linux version of RansomEXX. According to the company, a number of victims have fallen victim to the malware since the beginning of the year
Photo: Bigstock
New ransomware built as an ELF executable file is intended to encrypt data on machines based on Linux operating systems. "After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion, which suggested that we had in fact encountered a Linux build of the previously known ransomware family RansomEXX," said a post on Kaspersky's Securelist blog. "This malware is notorious for attacking large organizations and was most active earlier this year."
RansomEXX is a targeted Trojan. Each sample of the malware contains a hardcoded name of the victim organization. Moreover, both the encrypted file extension and the email address for contacting the extortionists make use of the victim’s name. Several companies have fallen victim to the malware in recent months including the Texas Department of Transportation (TxDOT) and Konica Minolta, according to the blog post.
