Well, this is bad news to end the week on:
Researchers have discovered a Linux variant of the KillDisk ransomware, which itself is a new addition to the KillDisk disk wiper malware family, previously used only to sabotage companies by randomly deleting data and altering files.
To this point, Linux machines have been relatively safe from virus and malware authors. I say relatively because completely safe from this stuff just doesn’t exist.
A Linux variant of the dreaded ransomware is a brand new and terrifying happening, though. In case you’re not aware, ransomware is a nasty piece of work that encrypts your files or a portion of your system and holds it for ransom. In the screenshot above, the ransom is 222 bitcoins or $260,000 CAD. That ain’t peanuts.
This one targets these folders down to a depth of 17 folders:
/boot /bin /sbin /lib/security /lib64/security /usr/local/etc /etc /mnt /share /media /home /usr /tmp /opt /var /root
Your entire system. Gone unless you pony up $260k. But, is that really the goal? Most of the Windows ransomware demands have been for amounts under $1k. I agree with the author. The ransomware is a smokescreen:
In all attacks, BlackEnergy had used KillDisk to destroy computers and erase evidence of their attacks, perpetrated with other malware families.
The newly added ransomware features may be another way to mask their attacks, with companies thinking they might have been hit by ransomware, and not investigate the intrusions for other clues.