[sf-lug] South African Linux sites experiencing Ransomware attacks

Bobbie Sellers bliss-sf4ever at dslextreme.com
Thu Sep 12 14:09:14 PDT 2019



On 9/12/19 1:37 PM, aaronco36 wrote:
> Bobbie Sellers <bliss-sf4ever at dslextreme.com> wrote at [1]:
>> So this isn't some kind of dire emergency situation that
>> ordinary Linux desktop users need to worry about. It may
> >> possibly affect your email service provider's server
>> however, unless their sysadmins are keeping up with the
>> latest security notices and patching their servers
>> accordingly as they should be doing.
>
> Thanks for your brief warning and qualification on this, Bobbie!

     No big thing.  After all Rick Moen says that it is a *phoney* warning.
     Doubtless he is correct.
     If I was as well informed as Rick I would probably not post about
these things but when I do he is able to tear them to pieces saving
me much concern.

>
> The FOSSBYTES webpage 'Thousands Of Linux Servers Infected By Lilu 
> (Lilocked) Ransomware'[2] confirms the above advice when it writes 
> "You might evade this attack by keeping strong passwords and updating 
> the apps as and when security patches arrive."
> That would likely include updating or perhaps replacing the "defunct 
> Exim software".
> Note that Lilock ransomware does not affect system files but files 
> with extensions including HTML, SHTML, JS, CSS, PHP, INI, and other 
> image formats. Since system files are not affected, Linux systems are 
> running normally.
>
> The SecurityIntelligence webpage 'Lilocked Ransomware Infects 
> Thousands of Linux Servers to Encrypt Files'[3] also follows through on 
> this along the lines of what Rick M wrote much more expansively at [4] 
> from the following quote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Security professionals can help defend their organizations against 
> Lilocked ransomware by having a data backup strategy that enables 
> backup accounts to access production systems, yet blocks production 
> accounts from writing to any type of backup. Companies should link 
> this backup strategy to a sophisticated data-centric solution that 
> blends encryption, access controls and other security measures, 
> thereby narrowing the attack surface for threats like ransomware.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> -A
>
>
> ======================================================
> References
> ======================================================
> [1]http://linuxmafia.com/pipermail/sf-lug/2019q3/014360.html
> [2]https://fossbytes.com/lilocked-ransomware-infected-linux-servers/
> [3]https://fossbytes.com/lilocked-ransomware-infected-linux-servers/
> [4]http://linuxmafia.com/pipermail/sf-lug/2019q3/014361.html
> ======================================================
>
> aaronco36 at sdf.org
> -------
>
     Bobbie Sellers
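
The backup advice quoted above (production accounts must not be able to write to any backup) can be checked mechanically. The following is an added example, not code from this thread or from the quoted articles: it walks a backup tree and lists every path a given production account could modify. It assumes a POSIX filesystem and looks only at classic owner/group/other mode bits (ACLs and mount options are not examined); the function names and parameters are hypothetical.

```python
import os
import stat


def writable_by(st, uid, gids):
    """True if the classic mode bits let (uid, gids) write to this inode."""
    if uid == 0:
        return True  # root bypasses mode bits entirely
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_backup_tree(root, prod_uid, prod_gids=()):
    """Return sorted paths under root that the production account can modify.

    A writable directory is reported even when the files inside it are
    read-only, because write access to a directory is enough to delete or
    replace its entries, which is all ransomware needs.
    """
    gids = set(prod_gids)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        candidates = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in candidates:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            if writable_by(st, prod_uid, gids):
                findings.append(path)
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage (arguments are the operator's own values):
    #   audit.py <backup_root> <production_uid> [gid ...]
    root, uid = sys.argv[1], int(sys.argv[2])
    hits = audit_backup_tree(root, uid, [int(g) for g in sys.argv[3:]])
    for path in hits:
        print("WRITABLE by production account:", path)
    sys.exit(1 if hits else 0)
```

An empty result is what the quoted strategy calls for; any finding is a path that an account compromised on the production side could encrypt or delete.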