It was a common perception that Linux systems are more secure and safer than those running the Windows operating system. That may have been true earlier, but in recent times there have been multiple occasions where hackers have shown that Linux is not as bulletproof as people might have thought. Many websites running on Linux have recently come under attack by hackers, who are demanding bitcoin to restore website access.
The hackers are using a new kind of ransomware that specifically targets Linux-based systems. The new ransomware, christened Linux.Encoder.1, affects the system by encrypting the file systems using 128-bit AES encryption. Linux.Encoder.1 affects the files present in the home, root, MySQL, Apache and Nginx directories. Once the files are affected, it is impossible to gain access to them and recover the affected web application.
Each affected directory will include a text file with ransom demands, generated by the trojan. So far, the hackers have been demanding a ransom of 1 bitcoin in return for the decryption key.
According to experts, Linux.Encoder.1 has been exploiting a weakness in the Magento CMS that allowed hackers to run the script without having admin-level access to the server. Once the critical flaw was identified, Magento released a bundle of patches labelled SUPEE-6788 on the 31st of October. Even though it has been over 11 days since the patch was released, many Magento users have yet to update their systems, leaving them vulnerable to attack.
Meanwhile, those who are affected by Linux.Encoder.1 have only two options: either use backup data to create a fresh setup or, in the absence of a backup, pay the ransom. If there is a third option, we would like to know; please feel free to inform us so that we can report it in our next article.