The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process.
"The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News.
SentinelOne characterized the Linux version as early-stage because several functions present in its Windows counterpart are missing.
This lack of feature parity also reflects the fact that the malware authors chose to build a custom Linux payload rather than simply porting the Windows version, which suggests that future variants of Clop could close those gaps.
The Linux version is designed to single out specific folders and file types for encryption, with the ransomware containing a hard-coded master key that can be utilized to recover the original files without making a payment to the threat actors.
"While the Linux-flavored variation of Cl0p is, at this time, in its infancy, its development and the almost ubiquitous use of Linux in servers and cloud workloads suggests that defenders should expect to see more Linux-targeted ransomware campaigns going forward," Terefos said.
News URL
https://thehackernews.com/2023/02/linux-variant-of-clop-ransomware.html
Related news
- Microsoft says more ransomware stopped before reaching encryption (source)
- New Qilin ransomware encryptor features stronger encryption, evasion (source)
- New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)