Erebus Ransomware Infects Linux Servers
Cybersecurity firm Trend Micro has found that the "Erebus" malware now infects Linux-based servers. It has also been responsible for hijacking 153 Linux-based networks belonging to NAYANA, a South Korean web hosting company.
According to Trend Micro's report, Erebus was first seen in September 2016, when it was distributed through malvertising: once a visitor clicked the ad, their system was infected. That variant targeted 423 file types, scrambled files with the RSA-2048 encryption algorithm, and appended the .ecrypt extension to affected files. It was observed using compromised websites in South Korea as its command-and-control (C&C) servers.
Now cybercriminals have reworked Erebus so that it succeeds in extracting ransom payments. The latest version infects the system and demands a ransom of 0.085 BTC, with a warning that if the ransom is not paid within 96 hours, the files will be deleted.
Erebus targets 433 file types, including:
- Office documents (.pptx, .docx, .xlsx)
- Databases (.sql, .mdb, .dbf, .odb)
- Archives (.zip, .rar)
- Email files (.eml, .msg)
- Website-related and developer project files (.html, .css, .php, .java)
- Multimedia files (.avi, .mp4)
We all know Linux as a secure operating system, used everywhere from servers and databases to websites and mobile devices, and web hosting companies also run on Linux machines. Yet Erebus is not the first ransomware able to infect networks running on Linux.
Linux.Encoder, Encryptor RaaS, a version of KillDisk, Rex, Fairware, and KimcilWare are all capable of targeting machines running Linux. In fact, Linux ransomware emerged as early as 2014, as offshoots of open-source projects supposedly designed for educational purposes. SAMSAM, Petya, and Crysis are just some of the ransomware families known to target and breach servers.
How to protect?
- Always keep the operating system and server software updated.
- Back up your files to a different location.
- Avoid or minimize adding third-party or unknown repositories or packages. This limits the vulnerabilities attackers can use as entry points into the server or system. The risks can be further lessened by removing or disabling unnecessary components or services in the server.
- Apply the principle of least privilege. Linux’s privilege separation provides a way to restrict the modifications a program can make to the system. Restricting permissions/privileges also helps mitigate exposure and further damage as well as prevent unauthorized use. IT/system administrators can consider using extensions that implement mandatory policies that manage the extent of access a program can have to a system file or network resource.
- Proactively monitor and validate your network traffic. Protecting the network against threats is a must for any enterprise. Deploying intrusion detection and prevention systems (IDS/IPS) as well as firewalls helps identify, filter, and block traffic that can indicate a malware infection. Event logs provide forensic information that helps IT/system administrators detect incursion attempts and actual attacks.