Lilocked ransomware (Lilu) affects thousands of Linux-based servers

A ransomware strain named Lilocked or Lilu has been affecting thousands of Linux-based servers all over the world since mid-July and the attacks got intensified by the end of August, ZDNet reports

Lilocked ransomware’s first case got noticed when Micheal Gillespie, a malware researcher uploaded a ransomware note on the website, ID Ransomware. This website is used for identifying the name of ransomware from the ransomware note or from the demand specified in the attack. It is still unknown as to how the servers have been breached.

According to a thread on a Russian-speaking forum, attackers might be targeting those systems that are running outdated Exim (email) software. The forum also mentions that the ransomware managed to get root access to servers by “unknown means”.

Read Also: Exim patches a major security bug found in all versions that left millions of Exim servers vulnerable to security attacks

Lilocked doesn’t encrypt system files, but it encrypts a small subset of file extensions, such as JS, CSS, HTML, SHTML, PHP, INI, and other image file formats so the infected servers are running normally. As per the French security researcher, Benkow, Lilocked has encrypted more than 6,700 servers, out of which many have been indexed and cached in Google search results. However, the number of affected servers is much higher. “Not all Linux systems run web servers, and there are many other infected systems that haven’t been indexed in Google search results,” ZDNet reports.

It is easy to identify the servers that have been affected by the ransomware as most of their files are encrypted and they sport a new “.lilocked” file extension.

Image Source: ZDNet

Read Also: Exim patches a major security bug found in all versions that left millions of Exim servers vulnerable to security attacks

The victims are first redirected to a portal on the dark web, where they are asked to enter a key from the ransom note and later are notified that their data has been encrypted. The victims are then asked to transfer 0.03 bitcoin, which is around $325.

To know more about the Lilocked ransomware in detail, head over to ZDNet.

Other interesting news in security

Intel’s DDIO and RDMA enabled microprocessors vulnerable to new NetCAT attack

Endpoint protection, hardening, and containment strategies for ransomware attack protection: CISA recommended FireEye report Highlights

StackRox App integrates into the Sumo Logic Dashboard  for improved Kubernetes security


*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Amrata Joshi. Read the original post at: https://hub.packtpub.com/lilocked-ransomware-lilu-affects-thousands-of-linux-based-servers/