1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This dangerous Windows ransomware is now going after Linux networ

    From TechnologyDaily@1337:1/100 to All on Fri Mar 10 18:30:03 2023
    This dangerous Windows ransomware is now going after Linux networks too

    Date:
    Fri, 10 Mar 2023 18:09:28 +0000

    Description:
    IceFire spotted targeting Linux devices as researchers warn of a growing trend.

    FULL STORY ======================================================================

    A new version of a dangerous Windows ransomware has been observed targeting Linux devices, cybersecurity researchers have revealed.

    What's even more concerning is that the threat actors have made thoughtful choices to make sure the Linux strain targets the right devices and the right vulnerabilities.

    In a press release, cybersecurity researchers from SentinelLabs confirmed
    they had seen a Linux version of IceFire ransomware for the first time. This variant has been dubbed iFire, and it targets a deserialization vulnerability in IBM Aspera Faspex file sharing software, tracked as CVE-2022-47986. Big game hunting

    But this is not the only surprising development when it comes to IceFire. The researchers have also found the threat actor targeting businesses in the
    media and entertainment sectors in countries like Turkey, Iran, Pakistan, and the United Arab Emirates - countries which are typically not a focus for organized ransomware actors.

    Instead, the threat actors considered IceFire a Windows-centric threat group going for big-game hunting - targeting large enterprises with double
    extortion tactics, using countless persistence mechanisms, and evading analysis by deleting log files.

    Compared to Windows, Linux is a more difficult operating system to infect
    with ransomware, the researchers added, also saying that this is particularly difficult to pull off at scale. Read more

    You're a ransomware victim: Here's 5 things you should do


    The 10 worst ransomware attacks ever


    Check out the best malware removal right now

    Many Linux systems are servers, they say. Typical infection vectors like phishing or drive-by download are less effective. To overcome this, actors turn to exploiting application vulnerabilities, as the IceFire operator demonstrated by deploying payloads through an IBM Aspera vulnerability.

    Still, despite the challenges, threat actors are increasingly looking to deploy ransomware to Linux devices, the reserachers conclude, saying that the evolution of IceFire is just another argument proving the case. The
    groundwork for Linux-targeting ransomware was laid in 2021, they said, but
    the trend accelerated in 2022 with BlackBasta, Hive, Qilin, ViceSociety, and others, started targeting the operating system, as well. Here's our rundown
    of the best endpoint protection services right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-dangerous-windows-ransomware-is-now-going- after-linux-networks-too


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)