[sf-lug] Ransomware threat to Linux servers

Akkana Peck akkana at shallowsky.com
Mon Nov 9 12:33:40 PST 2020


Bobbie Sellers writes:
>     Note that keeping your security up-to-date is the best defense.
> 
> Linux version of RansomEXX ransomware discovered
> 
> This marks the first time a major Windows ransomware strain has
> been ported to Linux to aid hackers in their targeted intrusions.
> 
> <https://www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/>

I get so frustrated by reports of malware, especially ransomware.
Seems to me that the important part isn't whether it encrypts or
deletes files, or whether it asks for a ransom, but... how does
a system get infected with it in the first place, and how should
one guard against that? And the articles hardly ever bother to
mention that.

The linked Kaspersky page says it's a trojan, apparently an
executable that you'd have to run in order to get infected.
(As root? Or not? I don't see any mention of that.)

So, has it somehow snuck into Debian, Ubuntu, Red Hat, Fedora
repositories? Or does this imply that people who run large server
networks are downloading executables from random untrusted sources
and running them? As root?

I wish they'd make these things clearer. I never know when something
is worth worrying about. Am I missing something?

        ...Akkana


