New ransomware for Linux discovered under development

Experts from the American information security company Uptycs recently found a malicious ELF file that encrypts data at a given folder path. The onion link found in the binary turned out to be inactive, and analysts concluded that a new ransomware program for Linux is still under development.

Notably, the README_TO_RESTORE note left on the infected machine repeats verbatim the text that the Dark Angels ransomware uses for the same purpose. This group created ransomware based on the leaked Babuk code and is actively deploying it on Windows computers in corporate networks.

The analysis showed that the new malware is told which folder to encrypt: the name and path are passed on the command line as an argument. Encrypted files are given the .crypted extension. The malware also creates a list of all encrypted objects, saving it in the wrkman.log.0 file.
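For responders, the three artifacts named above (the .crypted extension, wrkman.log.0 and the README_TO_RESTORE note) can be swept for on a suspect host. The following is an added example, not code from Uptycs or from the malware; the prefix match on the note name, the scoring and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Artifact names as reported in the article.
ENCRYPTED_EXT = ".crypted"
LOG_NAME = "wrkman.log.0"
NOTE_PREFIX = "README_TO_RESTORE"  # assumption: prefix match, in case the note has an extension


def sweep(root):
    """Walk root and group the article's artifacts by the directory they sit in."""
    hits = defaultdict(lambda: {"crypted": [], "log": False, "note": False})
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            if name.endswith(ENCRYPTED_EXT):
                hits[dirpath]["crypted"].append(name)
            elif name == LOG_NAME:
                hits[dirpath]["log"] = True
            elif name.startswith(NOTE_PREFIX):
                hits[dirpath]["note"] = True
    return dict(hits)


def triage(hits):
    """Rank directories: more distinct artifact types means higher confidence."""
    ranked = []
    for path, h in hits.items():
        score = bool(h["crypted"]) + h["log"] + h["note"]
        ranked.append((score, path, len(h["crypted"])))
    return sorted(ranked, key=lambda r: (-r[0], r[1]))


def build_sample(root):
    """Constructed sample tree (empty files, not real malware output) for an offline run."""
    for rel in ("data/a.txt.crypted", "data/b.db.crypted", "data/README_TO_RESTORE",
                "wrkman.log.0", "clean/notes.txt"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for score, path, count in triage(sweep(tmp)):
            print(f"score={score} crypted={count} {os.path.relpath(path, tmp)}")
```

A directory that holds several artifact types at once is a much stronger signal than a lone .crypted file, which legitimate software may also produce.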

As of September 5, 30 out of 63 antivirus engines in the VirusTotal collection recognize the new Linux malware. Since the project is still crude, the researchers believe that it will be finalized and improved.

