RansomEXX trojan variant is being deployed against Linux systems, warns Kaspersky

2020-11-09 17:12

A trojan targeting Linux and deployed by a known ransomware gang has been discovered by Russian antivirus firm Kaspersky.

The trojan was, so the two said, similar to the existing RansomEXX trojan, which they said had been deployed only last week against Brazil's courts, as well as targets in the US and elsewhere.

RansomEXX's Linux variant contains few or no functions used by other ransomware families, containing no command-'n'-control server phone-home functionality or anti-analysis "Tricks".

Potentially this is because the ransomware is, well, ransomware; once deployed its presence is obvious to users and network admins alike because everything stops working, except for ransom notes demanding payment for decryption.

"Basic" ransomware attacks are typically deployed by an attacker who compromises a network well in advance, such as in Finland in October, where a psychotherapy clinic's patients had clinical notes stolen and published online.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/09/linux_ransomware_kaspersky/

#kaspersky #linux #trojan

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		11	64	2312	1489	67	3932
Kaspersky		23	0	19	16	6	41