Monday, November 9, 2015

Ransomware for Servers emerged.


Ransomware has been one of the biggest threats over the past year, and many people have fallen victim to this type of malware and lost money. Normally, ransomware targets the files on a computer. Recently, a ransomware sample that targets web servers has been analysed.

The new ransomware has been dubbed #Linux.Encoder.1. It encrypts the files in the root directory and in the other directories needed for web hosting.

This new ransomware encrypts the data with the AES algorithm. Once a web server has been targeted, the following steps are carried out:

1. Download the supporting file to encrypt the data.
2. Download the RSA key needed to store all the AES keys.

The ransomware targets the MySQL and Apache root directories related to web hosting. The files are then encrypted and given the .encrypt file format, and a message is displayed:

"The files have been encrypted and 1 bitcoin (~450 USD) is needed to decrypt the data", followed by the instructions for decrypting.

The ransomware looks for all web-related file formats. Once the victim pays the bitcoin, a command is passed to the computer to continue with the decryption process. The web servers are targeted through vulnerabilities in ordinary third-party software and plugins.

The best way to evade this ransomware is not to respond to any unknown messages received by mail or through pop-ups, and regularly backing up data will help in effective mitigation. If targeted, security researchers advise making a copy of the encrypted files and waiting for a decrypter tool.
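The advice above to copy the encrypted files can be scripted. The following is an added example, not part of the original post: it finds files carrying the `.encrypt` suffix reported here, flags the directories that are mostly affected, and copies the encrypted files to a separate location with a SHA-256 manifest. The function names, the 0.5 threshold and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile

SUFFIX = ".encrypt"  # suffix as reported in the post; change if yours differs

def find_encrypted(root, suffix=SUFFIX):
    """Return sorted paths under root whose file name ends with suffix."""
    return sorted(os.path.join(d, n) for d, _, files in os.walk(root)
                  for n in files if n.endswith(suffix))

def affected_dirs(root, suffix=SUFFIX, threshold=0.5):
    """Map directory -> share of its files carrying the suffix (>= threshold)."""
    flagged = {}
    for d, _, files in os.walk(root):
        ratio = sum(n.endswith(suffix) for n in files) / len(files) if files else 0
        if files and ratio >= threshold:
            flagged[d] = ratio
    return flagged

def preserve(root, dest, suffix=SUFFIX):
    """Copy encrypted files into dest (outside root), keeping the relative
    layout, and return {relative_path: sha256} to verify the copies later."""
    manifest = {}
    for src in find_encrypted(root, suffix):
        rel = os.path.relpath(src, root)
        target = os.path.join(dest, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(src, target)  # copy2 keeps timestamps for later analysis
        with open(target, "rb") as fh:
            manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

if __name__ == "__main__":
    # Constructed sample tree standing in for a web root (not real data).
    with tempfile.TemporaryDirectory() as tmp:
        root, dest = os.path.join(tmp, "www"), os.path.join(tmp, "evidence")
        os.makedirs(os.path.join(root, "site"))
        for name in ("site/index.php.encrypt", "site/db.sql.encrypt", "site/readme.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(name.encode())
        print(affected_dirs(root))
        print(preserve(root, dest))
```

On a real server, point `root` at the web or database directory and `dest` at storage that is not mounted on the affected host.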

P.S.: This post is meant to create awareness and is not to be misused.
