According to the security firm and antivirus provider Kaspersky, a recently discovered Linux version of the popular RansomExx ransomware marks the first time a major Windows ransomware strain has been ported to Linux. RansomExx, according to Malpedia, is said to be a relatively new ransomware strain, first spotted earlier this year, in June.
Ransomware targets government through Linux
The ransomware has been used in attacks against the Texas Department of Transportation, US gov’t contractor Tyler Technologies, Konica Minolta, Montreal’s public transportation system, and Brazil’s court system STJ, according to a Twitter post by Adriana Antunes Winkler @driwaldorf.
RansomExx is what security researchers call a “big-game hunter” or “human-operated ransomware.” Both terms describe ransomware groups that intentionally hunt large targets in hopes of landing bigger paydays. This works like a regular ransom, since most of the targeted companies cannot function without their systems.
New approach may change ransomware forever
The groups either buy access or breach the network themselves, then expand that access to as many systems as they can. After this, they manually deploy their own ransomware binary as the final stage, to stop as much of the target’s infrastructure as they can. Over the past year, however, there has been a sort of paradigm shift in how these groups operate.
A number of ransomware gangs have come to realize that attacking workstations first is not very lucrative, since companies tend to re-image the affected systems and move on without paying the ransom. In recent months, some of the known gangs haven’t even bothered encrypting workstations and have instead targeted the crucial servers inside the company’s network.
Linux becoming the target of other ransomware gangs
The RansomExx gang’s creation of a Linux version of its Windows ransomware is in tune with how a number of companies operate today. A lot of firms run their internal systems on Linux instead of on Windows Server.
According to the story reported by ZDNet, this move by RansomExx might soon turn out to be an industry-defining trend. This means there is a possibility that other large ransomware groups will roll out their own Linux versions of ransomware some time in the future.
According to another cyber-security firm, Emsisoft, the trend has allegedly already begun: aside from RansomExx, the Mespinoza (Pysa) ransomware gang has allegedly also started developing its own Linux variant from its initial Windows version.