IceFire ransomware now encrypts both Linux and Windows systems
Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor.
IceFire operators exploit a deserialization vulnerability in the IBM Aspera Faspex file-sharing software to hack into targets' vulnerable systems and deploy their ransomware payloads.
"In comparison to Windows, Linux is more difficult to deploy ransomware against, particularly at scale. Many Linux systems are servers: typical infection vectors like phishing or drive-by download are less effective," SentinelLabs says.
IceFire ransomware's move to expand Linux targeting after previously focusing on attacking only Windows systems is a strategic shift that aligns with other ransomware groups that have also started attacking Linux systems in recent years.
While IceFire ransomware doesn't specifically target VMware ESXi VMs, its Linux encryptor is just as efficient, as shown by victims' encrypted files submitted to the ID-Ransomware platform for analysis.
"While the groundwork was laid in 2021, the Linux ransomware trend accelerated in 2022 when illustrious groups added Linux encryptors to their arsenal."