Linux Devices Targeted by New Version of Dangerous Ransomware
Cybersecurity researchers have discovered a new version of a dangerous Windows ransomware that is now targeting Linux devices. The threat actors behind the ransomware have made “thoughtful choices” to ensure that the Linux strain targets the right devices and vulnerabilities.
The cybersecurity researchers from SentinelLabs have confirmed that they have seen a Linux version of the IceFire ransomware for the first time. This variant, dubbed iFire, targets a deserialization vulnerability in IBM Aspera Faspex file sharing software, tracked as CVE-2022-47986.
Big Game Hunting
The researchers have also found the threat actor targeting businesses in the media and entertainment sectors in countries like Turkey, Iran, Pakistan, and the United Arab Emirates. These countries are typically not a focus for organized ransomware actors. Until now, IceFire had been considered a Windows-centric threat group going for “big-game hunting” – targeting large enterprises with double extortion tactics, using countless persistence mechanisms, and evading analysis by deleting log files.
Compared to Windows, Linux is a more difficult operating system to infect with ransomware. The researchers added that this is particularly difficult to pull off at scale. “Many Linux systems are servers,” they say. “Typical infection vectors like phishing or drive-by download are less effective. To overcome this, actors turn to exploiting application vulnerabilities, as the IceFire operator demonstrated by deploying payloads through an IBM Aspera vulnerability.”
Despite the challenges, threat actors are increasingly looking to deploy ransomware to Linux devices. The researchers conclude that the evolution of IceFire is just another argument proving the case. The groundwork for Linux-targeting ransomware was laid in 2021, but the trend accelerated in 2022 as BlackBasta, Hive, Qilin, ViceSociety, and others started targeting the operating system as well.