New RansomEXX Ransomware Variant Targets Linux Systems


After disrupting Windows systems, the RansomEXX ransomware now targets Linux devices. A new strain of the ransomware has emerged that infects Linux systems, expanding the range of devices it can hit.

RansomEXX Ransomware Targeting Linux

In a recent post, researchers from Kaspersky elaborated on a newly discovered variant from the RansomEXX ransomware family that targets Linux systems.

Specifically, they found a trojan that implements functions from the open-source library mbedtls and, upon execution, encrypts data with 256-bit encryption.

Moreover, it re-encrypts the AES key every 0.18 seconds, whereas the actual encryption key changes every second. This ensures that the encrypted data remains undecipherable, compelling the victim to pay for a decryptor.

Apart from this, however, the malware exhibits no additional stealth functionality such as anti-analysis capability, C&C communication, and others, unlike most trojans.

Yet it does bear some similarities to the Windows ransomware variant, hinting at its link with RansomEXX.

For instance, both appear to have been built from the same source code, as their overall code layouts resemble each other. They also have similar encryption features and a similar ransom note.

RansomEXX In The Wild

RansomEXX is no longer a new name. It has executed several high-profile attacks since its prominent appearance in June 2020.

The ransomware is particularly notable for targeting Konica Minolta, Texas Dept. of Transportation, and Tyler Technologies. The latter also paid the ransom to get a decryptor.

The latest victim of RansomEXX turns out to be the Brazilian Superior Court of Justice. Kaspersky also confirmed this during their analysis.

So, it seems the ransomware gang has simply expanded its radius of attack with this step. Given how security freaks rely on Linux, devising dedicated Linux trojans doesn’t seem weird.

A while ago, a peculiar ransomware named Tycoon surfaced online that could target Windows and Linux alike.

Likewise, another malware, Lucifer, which initially emerged as Windows malware, later turned its focus to Linux.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!