The modern-day technology landscape, in which advanced and persistent threats abound, calls for robust security tools, one of which is encryption. But what do you do when that same security is turned against you?
Such is the case with ransomware attacks. Although encryption's core purpose is to protect your data and files from unauthorized access, it can just as well be used to harm you when it is applied maliciously.
A new family of ransomware has been discovered in the wild that encrypts the files of Linux-based web servers, making them practically inaccessible to the site owner thereafter, unless of course the owner agrees to pay the amount the attackers demand in exchange for the decryption key. It is a kind of cyber extortion that, at present, has yet to be addressed.
The latest strain of ransomware, which is being called Linux.Encoder.1, holds an entire website for ransom. Since the malware is still relatively new and only beginning to target individuals, there have been only a few instances so far in which it was found holding a website and locking the owner out.
But security researchers continue to find a growing list of victims of this malware. The attacker's method is to encrypt the entire website and demand one Bitcoin as the ransom payment, which is equivalent to approximately $500 per Bitcoin.
So how do the attackers gain access to these target websites? According to findings published by the security firm Doctor Web, the attackers exploited a vulnerability in the Magento content management system.
Although a software fix for this security flaw in Magento already exists, the rollout of the patch is taking a long time to complete. The patch was released last month, but only a few installations have applied the fix so far.
The victim will find it practically impossible to produce or simulate a decryption key to unlock the encrypted files on the server, because Linux.Encoder.1 uses an RSA-2048 key, which cannot be duplicated; without the attacker's private key the files stay locked. This is the same method used by other ransomware families.
This particular ransomware targets Apache, MySQL, and Nginx server installations to guarantee that it encrypts precisely the vital data and files of the victim. Through this, the attacker is certain that the user will do whatever it takes to recover the locked files, even if that means paying the ransom.
The attacker then leaves a ransom note in a text file that explains how the victim can recover the files. The note contains a link that directs the victim to a Tor2web page.
Again, the best way to protect your data from these cyber crooks is to keep your software and security tools up to date and to back up your data.