Linux.Encoder.1: First Ransomware Targets Linux-Powered Websites and Servers

Named Linux.Encoder.1 by Russian antivirus firm Dr.Web, the new strain of ransomware targets Linux-powered websites and servers by encrypting MySQL, Apache, and home/root folders associated with the target site and asking for 1 Bitcoin (~ $300) to decrypt the files.

Until security researchers create a decryption program, they recommend that webmasters back up all important data and keep all their files in place in case they are targeted.

Once it has infected a system, the Linux.Encoder.1 malware encrypts all files in the home directories on the system, as well as backup directories and the system folders associated with website files, pages, images, code libraries and scripts.

Ransomware Uses AES Encryption
According to the security researchers, the ransomware in question needs root privileges to work. Additionally, when it launches, the malware starts downloading:

  1. The ransom message containing the fraudsters' demands
  2. A file containing the public RSA key

After that, the ransomware starts as a daemon and deletes all of the original files. The RSA key is then used to store AES keys that are used by the ransomware to encrypt the local files on the infected computer.

The ransomware also adds the .encrypt extension to each file it encrypts and writes a ransom text message in every folder.

The malware specifically encrypts files in folders that are typically found in Linux Web server setups, including directories like home, root, MySQL, Apache, and any directory that includes terms such as git, svn, webapp, www, public_html, or backup.

Moreover, the ransomware looks for files that have extensions specific to Web development environments including .js, .css, .properties, .xml, .ruby, .php, .html, .gz, and .asp, as well as other file extensions like .rar, .7z, .xls, .pdf, .doc, .avi, .mov, .png, and .jpg.

Once the victim pays the ransom amount of 1 Bitcoin (~ $300), the system receives a signal to pass over the directories again to decrypt the files.
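
The .encrypt extension and the directory and extension lists described above can be turned into a simple check for affected folders. The following is an added example, not code from Dr.Web or from this article's author; it assumes the marker is appended to the original file name (index.php becomes index.php.encrypt), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article text above.
MARKER = ".encrypt"
TARGET_EXTS = {".js", ".css", ".properties", ".xml", ".ruby", ".php", ".html",
               ".gz", ".asp", ".rar", ".7z", ".xls", ".pdf", ".doc", ".avi",
               ".mov", ".png", ".jpg"}
DIR_TERMS = ("git", "svn", "webapp", "www", "public_html", "backup")


def scan(root):
    """Map each directory under root that holds *.encrypt files to a summary."""
    report = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        hits = sorted(n for n in files if n.lower().endswith(MARKER))
        if not hits:
            continue
        # Assumption: the marker is appended, so stripping it leaves the
        # original name and its extension can be compared with the list.
        known = sum(1 for n in hits
                    if os.path.splitext(n[:-len(MARKER)])[1].lower() in TARGET_EXTS)
        report[dirpath] = {
            "hits": hits,                 # files carrying the marker
            "known_ext": known,           # of those, originals on the article's list
            "total": len(files),          # all files in the directory
            "targeted_dir": any(t in dirpath.lower() for t in DIR_TERMS),
        }
    return report


def build_sample_tree(base):
    """Constructed sample data: one affected web root, one clean directory."""
    layout = {
        "var/www/site": ["index.php.encrypt", "app.js.encrypt", "notes.txt"],
        "opt/tools": ["run.sh", "config.xml"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, info in scan(tmp).items():
            print(path, info)
```

Pointing scan() at a web root or home directory lists only the folders that contain marked files, which helps scope what must be preserved in place or restored from backup.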


About Jaime Lacson

A Freelance Computer Tech with knowledge about computer, router and mobile phones, especially in Upgrade and Downgrade OS, Software and Hardware troubleshooting. follow me at Google+