This notorious ransomware has now found a new target

Feb, 07, 2023 Hi-network.com
Image: Getty/Erikona

An experimental new version of a prolific form of ransomware has been seen targeting Linux systems for the first time.  

Clop ransomware first appeared in 2019 and, despite being hit by arrests and takedowns in 2021, continues to operate today, with the discovery of a new variant indicating the group is still keen to find new means of conducting ransomware campaigns. 

The Linux variant of Clop ransomware has been uncovered and detailed by cybersecurity researchers at SentinelOne, who say it's active in the wild. However, they also suggest a flawed decryption mechanism means that, for now, the Clop Linux variant is still in the experimental stages of development.  

The new Linux variant is similar to the original Windows-targeting Clop, using the same encryption method and similar process logic -- but there are also some differences.

Some of these variations exist because the ransomware authors are trying to build bespoke Linux payloads from scratch, instead of just directly porting the Windows version of Clop to Linux. 

This is why researchers believe the Linux variant of Clop is still under development: several functions present in the Windows version are not yet available in the Linux variant.

In addition, the Linux version of Clop ransomware currently contains a flaw in its encryption protocols, which makes it possible to retrieve encrypted files without holding the decryption key. 

In other words, in its current state, the Linux version of Clop ransomware could be ineffective at forcing victims to pay a ransom, as they potentially wouldn't need to pay to get their files back. 

While the Linux version of Clop ransomware appears to be experimental at this stage, it's the latest in a string of ransomware variants that are focused on operating systems other than Windows.  

Linux has become an increasingly popular target for malware and ransomware attacks because it's become widely used in enterprise networks, particularly as organizations shift their focus toward cloud-based applications and services.

"Ransomware groups are constantly seeking new targets and methods to maximize their profits. Being widely used in enterprise environments, Linux and cloud devices offer a rich pool of potential victims. Cloud infrastructures often store critical data and run business-critical applications, making them a valuable target," Antonis Terefos, threat intelligence researcher at SentinelOne, told .

"In recent years, many organizations have shifted towards cloud computing and virtualized environments, making Linux and cloud systems increasingly attractive targets for ransomware attacks. Therefore, ransomware groups targeting Linux and cloud systems is a natural progression in their quest for higher profits and easier targets," he added.

When it comes to defending Linux systems against ransomware and other threats, there are steps that can be taken -- and many are similar to those used to help protect Windows systems. 

These steps include keeping systems up to date with the latest security patches to prevent intrusions that exploit known vulnerabilities in systems. 

Many ransomware attacks also abuse stolen usernames and passwords. Organisations should ensure that accounts, particularly those associated with critical servers, are secured with a strong and unique password -- and accounts should be secured with multi-factor authentication to provide an additional layer of security. 

"The recommended approach to protect from such attacks is a multi-layer perspective -- it includes investing in the proper endpoint protection on each cloud, and endpoint, regardless of their operating system, ensuring access control, protecting the identities of an organization, patch management, and educating users about their risks of phishing and other social engineering tactics," said Terefos.
