Thread: Thousands of Linux servers infected with new Lilocked (Lilu) ransomware
View Single Post
  #1   (View Single Post)  
Old 10th September 2019
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,132
Default Thousands of Linux servers infected with new Lilocked (Lilu) ransomware
From https://www.zdnet.com/article/thousa...lu-ransomware/ :

Quote:
Researchers spot new ransomware targeting Linux-based servers

Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu).
...
Based on current evidence, the Lilocked ransomware appears to target Linux-based systems only.
...
The way the Lilocked gang breaches servers and encrypts their content is currently unknown. A thread on a Russian-speaking forum puts forward the theory that crooks might be targeting systems running outdated Exim (email) software. It also mentions that the ransomware managed to get root access to servers by unknown means.

Servers hit by this ransomware are easy to spot because most of their files are encrypted and sporting a new ".lilocked" file extension
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote