Linux Networks Now Targeted by Windows Ransomware



Linux Devices Targeted by New Version of Dangerous Ransomware

Cybersecurity researchers have discovered a new version of a dangerous Windows ransomware that is now targeting Linux devices. The threat actors behind the ransomware have made “thoughtful choices” to ensure that the Linux strain targets the right devices and vulnerabilities.

IceFire Ransomware

The cybersecurity researchers from SentinelLabs have confirmed that they have seen a Linux version of the IceFire ransomware for the first time. This variant, dubbed iFire, targets a deserialization vulnerability in IBM Aspera Faspex file sharing software, tracked as CVE-2022-47986.

Big Game Hunting

The researchers have also found the threat actor targeting businesses in the media and entertainment sectors in countries like Turkey, Iran, Pakistan, and the United Arab Emirates. These countries are typically not a focus for organized ransomware actors. IceFire has instead been regarded as a Windows-centric threat group going for “big-game hunting” – targeting large enterprises with double extortion tactics, using countless persistence mechanisms, and evading analysis by deleting log files.

Compared to Windows, Linux is a more difficult operating system to infect with ransomware. The researchers added that this is particularly difficult to pull off at scale. “Many Linux systems are servers,” they say. “Typical infection vectors like phishing or drive-by download are less effective. To overcome this, actors turn to exploiting application vulnerabilities, as the IceFire operator demonstrated by deploying payloads through an IBM Aspera vulnerability.”

Despite the challenges, threat actors are increasingly looking to deploy ransomware to Linux devices. The researchers conclude that the evolution of IceFire is just another argument proving the case. The groundwork for Linux-targeting ransomware was laid in 2021, but the trend accelerated in 2022, when BlackBasta, Hive, Qilin, ViceSociety, and others started targeting the operating system as well.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
