[sf-lug] South African Linux sites experiencing Ransomware attacks.
Bobbie Sellers
bliss-sf4ever at dslextreme.com
Wed Sep 11 21:29:13 PDT 2019
Hi LUGers.
This is the article ....
/A new form of ransomware called Lilocked (or Lilu) has been targeting Linux servers and encrypting website files, asking for a Bitcoin ransom to get these files back./
Link to the full article:
https://mybroadband.co.za/news/security/319373-south-african-websites-hit-by-new-lilocked-ransomware.html
Here's the actual vulnerability that permits the ransomware to run as
root and encrypt the files:
<http://exim.org/static/doc/security/CVE-2019-15846.txt>
It affects only mail servers using Exim that also have TLS enabled. Exim comes with TLS disabled by default but many distros' packages configure it as enabled.
So this isn't some kind of dire emergency situation that ordinary Linux desktop users need to worry about. It may possibly affect your email service provider's server, however, unless their sysadmins are keeping up with the latest security notices and patching their servers accordingly as they should be doing.
FYI
bliss