[sf-lug] South African Linux sites experiencing Ransomware attacks

aaronco36 aaronco36 at SDF.ORG
Thu Sep 12 13:37:37 PDT 2019


Bobbie Sellers <bliss-sf4ever at dslextreme.com> wrote at [1]:
> So this isn't some kind of dire emergency situation that
> ordinary Linux desktop users need to worry about. It may
> possibly affect your email service provider's server
> however, unless their sysadmins are keeping up with the
> latest security notices and patching their servers
> accordingly as they should be doing.

Thanks for your brief warning and qualification on this, Bobbie!

The FOSSBYTES webpage 'Thousands Of Linux Servers Infected By Lilu 
(Lilocked) Ransomware'[2] confirms the above advice when it writes "You 
might evade this attack by keeping strong passwords and updating the apps 
as and when security patches arrive."
That would likely include updating or perhaps replacing the "defunct Exim 
software".
Note that Lilock ransomware does not affect system files but files with 
extensions including HTML, SHTML, JS, CSS, PHP, INI, and other image 
formats. Since system files are not affected, Linux systems are running 
normally.

The SecurityIntelligence webpage 'Lilocked Ransomware Infects Thousands of 
Linux Servers to Encrypt Files'[3] also follows through on this along the 
lines of what Rick M wrote much more expansively at [4] from the following 
quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security professionals can help defend their organizations against 
Lilocked ransomware by having a data backup strategy that enables backup 
accounts to access production systems, yet blocks production accounts from 
writing to any type of backup. Companies should link this backup strategy 
to a sophisticated data-centric solution that blends encryption, access 
controls and other security measures, thereby narrowing the attack surface 
for threats like ransomware.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-A


======================================================
References
======================================================
[1]http://linuxmafia.com/pipermail/sf-lug/2019q3/014360.html
[2]https://fossbytes.com/lilocked-ransomware-infected-linux-servers/
[3]https://fossbytes.com/lilocked-ransomware-infected-linux-servers/
[4]http://linuxmafia.com/pipermail/sf-lug/2019q3/014361.html
======================================================

aaronco36 at sdf.org
-------
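
The backup rule quoted in the message above (production accounts must not be able to write to any backup) can be spot-checked on a Linux backup host. The following is an added example, not part of the original message or of the articles it cites; it looks only at classic mode bits (no POSIX ACLs), and the directory names and the uid/gid of the "production account" are constructed for illustration.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """Mode-bit check only: POSIX ACLs and root's override are out of scope."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_backup_tree(root, prod_uid, prod_gids):
    """Return paths under root that the production account could modify.

    A writable directory is reported even when the files in it are read-only,
    because write access to a directory allows deleting or replacing them.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits carry no meaning on Linux
            if writable_by(st, prod_uid, prod_gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def demo(as_owner=False):
    """Build a constructed backup tree and audit it for a hypothetical account."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o750)
        layout = {"daily": 0o750, "incoming": 0o777}  # constructed sample
        for name, mode in layout.items():
            d = os.path.join(root, name)
            os.mkdir(d)
            f = os.path.join(d, "site.tar.gz")
            open(f, "w").close()
            os.chmod(f, 0o640)
            os.chmod(d, mode)
        # Hypothetical production account: a uid/gid other than the backup owner's
        uid = os.getuid() if as_owner else os.getuid() + 1
        return audit_backup_tree(root, uid, {os.getgid() + 1})

if __name__ == "__main__":
    print(demo())  # the world-writable drop directory is the only finding
```

An empty result for the production account is the state the quoted advice asks for; any finding is a path that ransomware running under that account could encrypt or delete.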


