DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 10th September 2019
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default Thousands of Linux servers infected with new Lilocked (Lilu) ransomware

From https://www.zdnet.com/article/thousa...lu-ransomware/ :

Quote:
Researchers spot new ransomware targeting Linux-based servers

Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu).
...
Based on current evidence, the Lilocked ransomware appears to target Linux-based systems only.
...
The way the Lilocked gang breaches servers and encrypts their content is currently unknown. A thread on a Russian-speaking forum puts forward the theory that crooks might be targeting systems running outdated Exim (email) software. It also mentions that the ransomware managed to get root access to servers by unknown means.

Servers hit by this ransomware are easy to spot because most of their files are encrypted and sporting a new ".lilocked" file extension
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 11th September 2019
ripe's Avatar
ripe ripe is offline
Package Pilot
 
Join Date: Feb 2013
Location: France
Posts: 175
Default

Argh. Maybe the encryption will be resolve by someone.
Reply With Quote
  #3   (View Single Post)  
Old 11th September 2019
Beastie Beastie is offline
Daemonology student
 
Join Date: Jan 2009
Location: /dev/earth0
Posts: 335
Default

Quote:
Originally Posted by ripe View Post
Argh. Maybe the encryption will be resolve by someone.
Highly unlikely. While in a few cases the criminals were sloppy and one could easily obtain the key, in most cases strong cryptography is being used, which makes restoring data impossible with current hardware.

Sysadmins should focus on having reliable backups, keeping their systems patched up and doing everything in their power to make the criminals' lives more difficult.
__________________
May the source be with you!
Reply With Quote
  #4   (View Single Post)  
Old 12th September 2019
ripe's Avatar
ripe ripe is offline
Package Pilot
 
Join Date: Feb 2013
Location: France
Posts: 175
Default

Ok! Thanks for the explanation.

Quote:
Originally Posted by Beastie View Post
Sysadmins should focus on having reliable backups, keeping their systems patched up and doing everything in their power to make the criminals' lives more difficult.
Yes!
Reply With Quote
  #5   (View Single Post)  
Old 12th September 2019
PapaParrot's Avatar
PapaParrot PapaParrot is offline
parrot
 
Join Date: Jul 2015
Location: Durango, Mx.
Posts: 472
Default

Maybe if these bitcoin people did not permit criminals to use bitcoin accounts, for this kind of thing it would also help make the criminals' lives more difficult. Seems like bitcoins make life much easier for these crime gangs to operate, and encourage more online crime. Just a thought.
__________________
My best friends are parrots
Reply With Quote
  #6   (View Single Post)  
Old 29th September 2019
victorvas victorvas is offline
Real Name: Victor
Linux
 
Join Date: May 2019
Posts: 148
Default

With first glance at the title I thought the Lilo boot loader got infected.

I remember something similar happened to Windows systems und caused a lot of damage. What was it's name? Wanacrypt?
Reply With Quote
  #7   (View Single Post)  
Old 29th September 2019
Beastie Beastie is offline
Daemonology student
 
Join Date: Jan 2009
Location: /dev/earth0
Posts: 335
Default

Quote:
Originally Posted by victorvas View Post
I remember something similar happened to Windows systems und caused a lot of damage. What was it's name? Wanacrypt?
Yep, AKA WannaCry. A real scourge, and unfortunately not the first one of its kind nor the last.
__________________
May the source be with you!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HTTPS-crippling attack threatens tens of thousands of Web and mail servers J65nko News 8 22nd May 2015 06:50 AM
10,000 Linux servers hit by malware serving tsunami of spam and exploits J65nko News 3 23rd March 2014 02:32 PM
Ransomware claims to lock Windows licence J65nko News 2 23rd April 2011 12:08 AM
50 ISPs harbor half of all infected machines worldwide J65nko News 0 18th November 2010 07:55 PM
Authorities dismantle botnet with 13 million infected PCs J65nko News 0 3rd March 2010 12:49 AM


All times are GMT. The time now is 03:44 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick