Assuming that Linux and FreeBSD systems are safe from ransomware because Windows is usually the preferred target could become dangerous. The Hive ransomware gang has modified and tweaked its malware to go after non-Windows platforms.
Encryption engines, the core component of any ransomware, are now partially working on Linux and FreeBSD. Security researchers have not yet observed the actual payload executing successfully, but the development shows that operating systems beyond Windows are now in the crosshairs of ransomware gangs.
Ransomware gangs evolving beyond targeting Windows Operating Systems:
The Windows operating system is by far the most common target for ransomware and malware. It dominates the corporate computing space, so it simply makes sense for attackers to write malicious code for it.
Successfully compromising a PC running Windows gives malware creators many potential ways to move laterally within a network. Because there are far more Windows PCs than Linux machines, the latter have mostly been ignored, until recently.
Hive, a ransomware group that has been active since at least June 2021, has already hit over 30 organizations. The real number could be higher, as quite a few victims may have quietly paid the ransom.
Troubled by the exponential rise in ransomware attacks, governments and businesses around the world are trying multiple methods to bolster their networks. One suggested and working solution is to move corporate data and platforms onto cloud infrastructure.
Cloud service providers such as Google, Amazon, and others maintain multiple security layers and safeguards to protect against data theft and ransomware.
I would not worry because the Linux variant is flawed and buggy as hell.
— CK's Technology News (@CKsTechNews) October 30, 2021
Even virtual machines offer similar benefits. In fact, several enterprises have slowly migrated to virtual machines, which reportedly offer easier device management and more efficient use of resources.
Because virtual machines run on a Linux backend, ransomware operators are now thinking beyond Windows.
Rudimentary non-Windows OS Hive ransomware encryptors discovered:
ESET, a popular antivirus and firewall software developer, has discovered new strains of malware that go beyond the Windows operating system. The Hive ransomware gang, for example, is now attempting to encrypt computers running Linux and FreeBSD.
The Linux variant is not quite ready yet. The samples that ESET recovered failed to perform encryption successfully, and the execution methodology and options are quite limited as well.
#ESETresearch has identified Linux and FreeBSD variants of the #Hive #Ransomware. Just like the Windows version, these variants are written in #Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate. 1/6 pic.twitter.com/dBw0E5pj6r
— ESET research (@ESETresearch) October 29, 2021
The ransomware's Linux version also fails to trigger encryption if executed without root privileges. The failure is attributed to the ransom note: the encryptor attempts to write the note to the compromised device's root file system, which it cannot do without root, and so it stops before encrypting anything.
Although the methods appear rudimentary and may fail frequently, the developments are a grim reminder of how ransomware gangs keep progressing. The malicious code writers have clearly found a lot of financial success by encrypting corporate data and by threatening to release sensitive information unless they are paid, preferably in Bitcoin.