Ryuk ransomware stops encrypting Linux directories
In the latest attack, the Ryuk ransomware locally crippled the entire public computer system of New Orleans, Louisiana, USA, using an executable file called v2.exe. After analyzing this malicious executable, well-known security researcher Vitali Kremez discovered an interesting change in the way the ransomware works: it no longer encrypts certain directories associated with *NIX operating systems.
The *NIX directories in Ryuk's blacklist include: bin, boot, Boot, dev, etc, lib, initrd, sbin, sys, vmlinuz, run, Var.
It is obviously strange for a malicious Windows program to blacklist *NIX directories when encrypting files. There have even been questions about whether a Unix variant of Ryuk exists, given that data stored on these operating systems has been encrypted during many of Ryuk's previous attacks.
A Linux/Unix variant of Ryuk does not exist, but Windows 10 contains a feature called Windows Subsystem for Linux (WSL) that allows you to install various Linux distributions directly in Windows, and those Linux distributions use the directories in the list above.
With the growing popularity of WSL, Ryuk will at some point encrypt a Windows device in a way that affects the *NIX system folders used by WSL, leaving the WSL installations unable to work. That is how Ryuk can affect *NIX devices through WSL.
The ultimate goal of this kind of malicious code is to encrypt the victim's data without affecting the functioning of the operating system. This change in the way Ryuk operates can therefore be considered an 'evolutionary step' that makes it more dangerous.
By putting a set of Linux directories on the blacklist, the people behind Ryuk have removed an additional headache they would otherwise have to solve: victims who agree to pay the ransom but are left with a WSL installation broken by the ransomware.