Ryuk ransomware stops encrypting Linux directories
In its latest attack, the Ryuk ransomware crippled the computer systems of the city of New Orleans, Louisiana, USA, using an executable named v2.exe. After analyzing this sample, well-known security researcher Vitali Kremez found an interesting change in how the ransomware operates: it no longer encrypts certain directories associated with *NIX operating systems.
The *NIX directory names on Ryuk's blacklist are: bin, boot, Boot, dev, etc, lib, initrd, sbin, sys, vmlinuz, run, var.
At first glance it is strange for a Windows malware to blacklist *NIX directories when deciding what to encrypt. It even raised the question of whether a Unix variant of Ryuk exists, since data stored on such systems has been encrypted in several of Ryuk's previous attacks.
No Linux/Unix variant of Ryuk is known to exist. However, Windows 10 includes the Windows Subsystem for Linux (WSL), which lets users install Linux distributions directly on Windows, and those distributions necessarily contain the directories in the list above.
As WSL grows in popularity, a Ryuk infection on a Windows device would also hit the *NIX system folders used by WSL, leaving the WSL installation unable to run. That is how Ryuk can affect *NIX environments through WSL.
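To make the effect of such a name-based skip list concrete, here is an added example (written for this page, not code from the article, from Vitali Kremez, or from the Ryuk sample) that walks a constructed directory tree containing ordinary Windows user data beside a WSL distribution's on-disk rootfs and prunes every directory whose bare name appears in the reported list. It assumes the match is on the bare directory name at any depth and is case-sensitive (the reported list contains both boot and Boot, which is consistent with that, but the article does not state it); the tree, the rootfs location and the file names are all constructed. Nothing is encrypted; the walk only reports which files a filter like this would hand on and which directories it would skip.

```python
import os
import tempfile
from pathlib import Path

# Directory names the article reports Ryuk's v2.exe no longer enters.
# Assumption for this example: the comparison is on the bare name, at any
# depth, and is case-sensitive (the reported list has both "boot" and "Boot").
RYUK_NIX_SKIPLIST = frozenset(
    ["bin", "boot", "Boot", "dev", "etc", "lib", "initrd", "sbin", "sys", "vmlinuz", "run", "var"]
)

# Constructed sample tree (forward slashes, relative to a temp root): ordinary
# Windows user data beside a WSL distro's rootfs as it is laid out on disk.
WSL_ROOTFS = "Users/alice/AppData/Local/Packages/Ubuntu/LocalState/rootfs"
CONSTRUCTED_FILES = [
    "Users/alice/Documents/budget.xlsx",
    "Users/alice/src/app/main.py",
    "Users/alice/src/app/lib/helper.py",   # a Windows project folder that happens to be named "lib"
    "Users/alice/Projects/Lib/other.py",   # same name, different case
    f"{WSL_ROOTFS}/bin/bash",
    f"{WSL_ROOTFS}/etc/passwd",
    f"{WSL_ROOTFS}/lib/x86_64-linux-gnu/libc.so.6",
    f"{WSL_ROOTFS}/usr/bin/python3",
    f"{WSL_ROOTFS}/home/alice/notes.txt",
]


def build_tree(root: Path, files) -> None:
    """Materialise the constructed file list under root."""
    for rel in files:
        p = root.joinpath(*rel.split("/"))
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("sample content\n")


def walk_with_skiplist(root: Path, skiplist):
    """Walk root, pruning any directory whose bare name is in skiplist, at any depth.

    Returns (targets, skipped): files a name-based filter would pass on to an
    encryption routine, and the directories it pruned, as POSIX-style relative paths.
    """
    targets, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        kept = []
        for d in dirnames:
            if d in skiplist:
                skipped.append(here.joinpath(d).relative_to(root).as_posix())
            else:
                kept.append(d)
        dirnames[:] = kept  # prune in place so os.walk does not descend into them
        targets.extend(here.joinpath(f).relative_to(root).as_posix() for f in filenames)
    return sorted(targets), sorted(skipped)


def run_demo():
    """Build the constructed tree in a temp dir and apply the skip list to it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_tree(root, CONSTRUCTED_FILES)
        return walk_with_skiplist(root, RYUK_NIX_SKIPLIST)


if __name__ == "__main__":
    targets, skipped = run_demo()
    print("files a name-based filter would pass on:")
    for t in targets:
        print("  ", t)
    print("pruned directories:")
    for s in skipped:
        print("  ", s)
```

Two things stand out when this runs. The WSL system directories (bin, etc, lib, and even usr/bin, because the match is by name rather than by position) are pruned, which is what keeps the distribution bootable, but home/alice/notes.txt is not protected: nothing in the list covers /home, /opt or /tmp, so a WSL user's own data is still fair game. And because the filter is purely name-based, a Windows project folder named lib is skipped as collateral while Lib is not, under the case-sensitivity assumption stated above.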
The goal of ransomware is to encrypt the victim's data while leaving the operating system itself functional, so that the victim can still pay and run the decryptor. Seen that way, this change in how Ryuk operates is an 'evolutionary step' that makes it more dangerous.
By blacklisting these Linux directories, the people behind Ryuk have removed one more headache: a victim who pays the ransom would otherwise be left with a WSL installation corrupted by the ransomware.