How to deal with ransomware on Linux (and MacOS)

20 Oct, 2022

Ransomware on Linux

For years Linux, and its close relative, MacOS, were lauded for the high degree of security they offered compared to Windows. This may still be true to some extent, but if it is, the gap is closing. To be fair, part of the reason for this is that Microsoft has put serious effort into improving the security of Windows. The other part of the reason, however, is that the nature of malware is changing, making Linux and MacOS more tempting targets. With that in mind, here is what you need to know about ransomware on Linux.

How does ransomware on Linux occur?

At present, the main ransomware threat on Linux comes from Lilu/Lilocked

Lilu, also known as Lilocked, is believed to have emerged sometime around mid-July 2019. It follows the standard template of encryption ransomware. At present, however, it only seems to be capable of encrypting a limited set of file types, e.g. CSS, HTML, JS, PHP, and image files. Unlike its counterparts for Windows, it does not currently appear to be able to encrypt system files.
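Because the file types listed above are normally plain text, an encrypted copy stands out statistically: readable CSS, HTML, JS or PHP rarely exceeds about six bits of entropy per byte, whereas ciphertext sits close to eight. The following scanner, added here as an illustration and not code from the original article or from any vendor, walks a web root and flags text assets whose leading bytes look encrypted. The extension list, the 7.0 bits/byte threshold and the 64 KiB sample size are assumptions chosen for the demo; image files are deliberately left out because compressed formats are high-entropy by nature and would produce false positives.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: the text-based file types the article says Lilu targets.
# Images are excluded on purpose: JPEG/PNG are already near 8 bits/byte.
WEB_EXTENSIONS = {".css", ".html", ".js", ".php"}
# Assumption: plain source text stays well below this; ciphertext sits near 8.0.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued input, 8.0 at most."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def scan_tree(root, threshold=ENTROPY_THRESHOLD, sample_size=65536):
    """Return sorted relative paths of web assets whose first bytes look encrypted.

    Only the leading sample_size bytes are hashed into the histogram, so large
    trees scan quickly; very small files are skipped because their histogram is
    too sparse to judge."""
    root = Path(root)
    flagged = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in WEB_EXTENSIONS:
            continue
        with open(path, "rb") as fh:
            head = fh.read(sample_size)
        if len(head) >= 256 and shannon_entropy(head) >= threshold:
            flagged.append(str(path.relative_to(root)))
    return sorted(flagged)


def build_demo_tree():
    """Constructed sample web root: one normal page, one ciphertext stand-in."""
    root = tempfile.mkdtemp(prefix="webroot_")
    (Path(root) / "index.html").write_bytes(
        b"<html><body><h1>Hello</h1><p>Normal page text.</p></body></html>" * 20
    )
    # os.urandom stands in for an encrypted file; this is constructed test data.
    (Path(root) / "app.js").write_bytes(os.urandom(4096))
    # Not a web asset, so the scanner ignores it even though it is random.
    (Path(root) / "notes.txt").write_bytes(os.urandom(4096))
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for hit in scan_tree(demo_root):
        print("suspicious high-entropy web asset:", hit)
```

Run it from cron against a web root and alert on any non-empty result; a sudden burst of flagged files is a stronger signal than any single hit. Minified or gzip-precompressed assets (.js.gz, .css.gz) would also score high, so exclude those suffixes or whitelist known paths before relying on the output.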

There is also a variant of KillDisk which contains a pseudo-ransomware function

KillDisk has long been known as disk-wiping malware; however, there is a newer variant of it which encrypts data and displays a ransom message. At present, though, it is believed that the Linux variant of KillDisk generates an encryption key that is neither stored nor transmitted to the cybercriminals behind it. If this is true, then it means that paying the ransom would be a very expensive waste of time.

MacOS has been attacked by Patcher and KeRanger

Both of these are known threats and Apple has taken action against them as have the cybersecurity companies. That said, when a threat is successful, more threats tend to follow. The simple fact of the matter is that Macs are premium devices and therefore tend to be bought by people who are likely to have the money to pay off extortionists.

Malware threats on Linux and MacOS have been on the increase

In IT circles, 2019 may go down as the year malware finally came for Linux. It saw attacks from EvilGnome (spyware), GoLang (a cryptojacker), HiddenWasp (a trojan), Silex (a bricking worm), and ZombieLoad (spyware). Malware attacks on MacOS have been around for decades, but have definitely seen a noticeable increase over recent years.

Protecting against ransomware on Linux and MacOS

The good news for Linux and MacOS users is that the same precautions which protect Windows users can also protect them. These start with proper security software, including an anti-malware tool (with an email scanner if relevant) and a firewall. Additionally, you need to make sure that your operating system and applications are promptly updated.

It’s impossible to overstate the importance of this in the Windows environment, and it’s at least as important in the Linux and MacOS environments. To be blunt, updates can be one area where Linux users are at a significant disadvantage compared to users of MacOS and Windows.

In the event that you use open-source software, you either need to wait for someone else to develop an update to fix an issue or do it yourself. For this reason, it can be safer to use a Linux distro where there is some form of commercial support, but the onus is still on you to apply the updates no matter how busy you are. If you can’t manage this, then you need to find a managed IT services vendor who can deal with it for you.

Additionally, you need solid protocols for usage, and you need a process for ensuring that these are reviewed and, if necessary, updated regularly. The fact that Linux is mainly used for servers means that there is less likely to be an issue with users innocently blundering onto compromised websites or downloading malicious files when they open an email attachment. There is, however, much more scope for admin users to make mistakes, or, bluntly, to infect a server on purpose, hence access controls are essential.

Data backups are your last line of defense against ransomware on Linux

You never want to go through the hassle of dealing with a ransomware attack, but it can be a whole lot less frustrating if you know that you can safely ignore the ransom demand itself because you have a data backup from which you can restore. Remember, however, that any device which is internal or attached to the server can also be compromised by ransomware, especially if you run an automated data backup to it. This means that you absolutely must have a (second) data backup which is kept disconnected from your server.
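A backup you cannot trust is not a backup, and the attached copy described above is exactly the one ransomware reaches first. The script below, an added example rather than code from the original article, records a SHA-256 manifest of the live data at backup time and later compares a copy against it, reporting files that are missing, modified or unexpected. Directory names, the ".locked" suffix used to simulate tampering and the sample file contents are all constructed for the demo; in practice the manifest itself must live with the disconnected copy or on separate write-once media, since a manifest stored beside the attached backup would be encrypted along with it.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_manifest(manifest, path):
    """Persist the manifest as JSON; keep this file away from the attached backup."""
    Path(path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def verify_backup(manifest, backup_root):
    """Compare a backup copy against a manifest taken from the live data.

    Returns {relative_path: 'missing' | 'modified' | 'unexpected'}.
    An empty dict means the copy matches the manifest exactly."""
    current = build_manifest(backup_root)
    problems = {}
    for rel, digest in manifest.items():
        if rel not in current:
            problems[rel] = "missing"
        elif current[rel] != digest:
            problems[rel] = "modified"
    for rel in current:
        if rel not in manifest:
            problems[rel] = "unexpected"
    return problems


def demo():
    """Constructed sample: take a backup, verify it, then simulate a tampered copy."""
    src = Path(tempfile.mkdtemp(prefix="live_"))
    (src / "site").mkdir()
    (src / "site" / "index.html").write_text("<h1>hello</h1>")
    (src / "site" / "app.js").write_text("console.log('ok');")
    manifest = build_manifest(src)

    backup = Path(tempfile.mkdtemp(prefix="backup_")) / "copy"
    shutil.copytree(src, backup)
    clean = verify_backup(manifest, backup)  # fresh copy: no problems

    # Simulate ransomware reaching the attached copy: one file overwritten with
    # garbage, one renamed with a hypothetical ".locked" suffix.
    (backup / "site" / "index.html").write_bytes(b"\x00\xff garbled")
    (backup / "site" / "app.js").rename(backup / "site" / "app.js.locked")
    tampered = verify_backup(manifest, backup)
    return manifest, clean, tampered


if __name__ == "__main__":
    _, clean, tampered = demo()
    print("fresh copy problems:", clean)
    print("after tampering:", tampered)
```

Verify the disconnected copy this way before every restore and, ideally, on a schedule while it is offline; a "modified" or "missing" entry tells you that copy has already been reached and a clean, older generation is needed instead.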
