Security News
For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red. On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty ransomware targeting VMware ESXi servers and virtual machines running on them.
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage. Yesterday, security researcher MalwareHunterTeam found numerous Linux ELF64 versions of the HelloKitty ransomware targeting ESXi servers and the virtual machines running on them.
A cryptojacking gang that's likely based in Romania is using a never-before-seen SSH brute-forcer dubbed "Diicot brute" to crack passwords on Linux-based machines with weak passwords. Bitdefender's honeypot data shows that attacks matching the brute-force tool's signature started in January.
If two-factor authentication logins on your Linux servers are giving you fits, Jack Wallen has the solution for you. Recently, I had an incident where a two-factor authentication-enabled Linux server wouldn't allow me in via SSH. Fortunately, I had physical access to the server, so it wasn't a complete disaster.
British anti-malware powerhouse Sophos has acquired Capsule8 to beef up the Linux protection capabilities of its endpoint detection and response product stack. For Sophos, the Capsule8 technology adds runtime visibility, detection and response for Linux production servers and containers, covering both on-premises and cloud workloads.
"REvil ransomware authors have expanded their arsenal to include Linux ransomware, which allows them to target ESXi and NAS devices," Caspi wrote. In a nod to research by AdvIntel in early May 2021, which reported REvil's intent to port its Windows-based ransomware to Linux, Caspi confirmed the Linux variant was spotted in May "Affecting *nix systems and ESXi."
Jack Wallen installed 1Password on Linux and found it to be a fantastic solution for password management. Follow his tutorial on how to get this proprietary solution installed on your open source OS.
New Linux admins need to know how to give and take sudo privileges from users. Jack Wallen shows you how on both Ubuntu- and Red Hat-based Linux distributions.
The REvil ransomware operation is now using a Linux encryptor that targets and encrypts VMware ESXi virtual machines. With enterprises moving to virtual machines for easier backups, device management, and efficient use of resources, ransomware gangs increasingly create their own tools to mass-encrypt the storage used by VMs. In May, Advanced Intel's Yelisey Boguslavskiy shared a forum post from the REvil operation in which they confirmed that they had released a Linux version of their encryptor that could also work on NAS devices.
If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.