KillDisk Ransomware Now Targets Linux


5 replies to this topic

#1 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,005 posts

Posted 05 January 2017 - 03:03 PM

KillDisk Ransomware Now Targets Linux, Prevents Boot-Up, Has Faulty Encryption

Quote

Researchers have discovered a Linux variant of the KillDisk ransomware, which itself is a new addition to the KillDisk disk wiper malware family, previously used only to sabotage companies by randomly deleting data and altering files.
The KillDisk ransomware that targets Linux computers was discovered by ESET a week after researchers from CyberX came across the first KillDisk versions that included ransomware features, but which only targeted Windows PCs.

I'll bet abarbarian is happy he won that ESET license for his Linux system now!

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#2 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,634 posts

Posted 05 January 2017 - 03:19 PM

Wonder what the point of this attack is. Even if you think you can get your data back, the ransom is so high it's hard to imagine anyone paying it except a large corporation with no backups available, and while large corps have their issues, lack of backup usually isn't among them. :hmm:

It does make me think about getting ESET for my Linux though.

Edited by ebrke, 05 January 2017 - 03:21 PM.

Registered Linux User 344759

#3 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 20,806 posts

Posted 05 January 2017 - 04:22 PM

I'm not an expert, but I'd really like to know two things right off...
  • How does the malware install itself in Linux systems?
  • How does it encrypt files/directories that are in the root domain without root access?
So many of these "Linux virus/malware alerts" are so much FUD and BS most of the time that it makes one wonder what is and isn't BS. The only reason I give credence to the above is because ESET was involved in the discovery.

Edited by V.T. Eric Layton, 05 January 2017 - 04:23 PM.


#4 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,506 posts

Posted 05 January 2017 - 05:54 PM

Check my comments here: http://forums.scotsn...669#entry445053

securitybreach, on 05 January 2017 - 05:49 PM, said:

Too bad that they didn't bother to quote the most important part of the source article:

Quote

ESET researchers have discovered a Linux variant of the KillDisk malware that was used in Ukraine in attacks against the country’s critical infrastructure in late 2015 and against a number of targets within its financial sector in December 2016.

http://www.welivesec...m-cant-decrypt/

These were targeted attacks from 2015 and 2016

V.T. Eric Layton, on 05 January 2017 - 04:22 PM, said:

I'm not an expert, but I'd really like to know two things right off...
  • How does the malware install itself in Linux systems?
  • How does it encrypt files/directories that are in the root domain without root access?
So many of these "Linux virus/malware alerts" are so much FUD and BS most of the time that it makes one wonder what is and isn't BS. The only reason I give credence to the above is because ESET was involved in the discovery.

I basically said the same exact thing...
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#5 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 20,806 posts

Posted 05 January 2017 - 09:22 PM

Your comments on the other thread in BATL, Josh, were precisely how I was looking at this. To my knowledge, the only way to modify root files on a Linux installation would be 1) be root or 2) have access to the physical machine (not remote access) to be able to use an externally loaded OS of some sort to mount and manipulate the files that way.

Also, I had not read deeply enough to see the part you pointed out regarding it being a specifically targeted attack back in 2015. Chances are if the hackers were specifically targeting someone/some corporation, etc., they may have already had backdoor access somehow; maybe even physical access (a worker, delivery person, etc.).

Anyway, thanks to Corrine for posting this. It's been interesting.

#6 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,506 posts

Posted 05 January 2017 - 10:21 PM

V.T. Eric Layton, on 05 January 2017 - 09:22 PM, said:

Your comments on the other thread in BATL, Josh, were precisely how I was looking at this. To my knowledge, the only way to modify root files on a Linux installation would be 1) be root or 2) have access to the physical machine (not remote access) to be able to use an externally loaded OS of some sort to mount and manipulate the files that way.

Also, I had not read deeply enough to see the part you pointed out regarding it being a specifically targeted attack back in 2015. Chances are if the hackers were specifically targeting someone/some corporation, etc., they may have already had backdoor access somehow; maybe even physical access (a worker, delivery person, etc.).

Anyway, thanks to Corrine for posting this. It's been interesting.

Agreed :thumbsup: !!!!
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984
