Linux and FreeBSD Operating Systems are new targets of ransomware operators: ‘Hive’ gang tweaks malware to expand net of operations beyond Windows OS

Hive Ransomware Linux FreeBSD Windows OS
Linux and FreeBSD in the crosshairs of ransomware gangs. Pic credit: Christiaan Colen/Flickr

Thinking Linux and FreeBSD operating systems will protect against ransomware attacks as Windows OS is usually the preferred target, could become dangerous. The Hive ransomware gang has modified and tweaked its malware to go after non-Windows platforms.

Encryption engines, which are the core aspect of any ransomware, are now partially working on Linux and FreeBSD Operating Systems. Security researchers haven’t experienced the actual payload execution yet. But the development shows operating systems beyond Windows OS are now in the crosshairs of ransomware gangs.

Ransomware gangs evolving beyond targeting Windows Operating Systems:

The Windows Operating System is by far the most preferred target for ransomware and malware. The OS dominates the corporate computing space, and hence, it just makes sense to write malicious code for the same.

Successfully hitting a PC running Windows OS gives malware creators a lot of potential ways to move laterally within a network. As there are a lot more Windows PCs than those running Linux, the latter has mostly been ignored, until recently.

Hive, a ransomware group has been active since at least June 2021. And it has already hit over 30 organizations. The number could be higher as quite a few may have quietly paid the ransom.

Troubled by the exponential rise in ransomware attacks, governments and businesses around the world are trying multiple methods to bolster networks. One of the suggested and working solutions is to load corporate data and platforms onto the cloud infrastructure.

Cloud service providers such as Google, Amazon, and others have multiple security layers and safeguards to protect against data theft and ransomware.

Even Virtual Machines offer similar benefits. In fact, several enterprise targets have slowly migrated to virtual machines. They reportedly offer easier device management and more efficient use of resources.

As Virtual Machines run on the Linux backend, ransomware operators are now thinking beyond Windows OS.

Rudimentary non-Windows OS Hive ransomware encryptors discovered:

ESET, a popular antivirus and firewall software developer, has discovered new strains of malware that go beyond the Windows Operating System. The Hive Ransomware gang, for example, is now attempting to encrypt computers running Linux and FreeBSD.

The Linux variant isn’t quite ready yet. The samples that ESET recovered, failed to perform encryption successfully. The execution methodology, and options, are quite limited as well.

The ransomware’s Linux version also fails to trigger the encryption if executed without ROOT privileges. However, the failure is attributed to the ransom note. The encryptor attempts to leave the ransom note on the compromised devices’ root file systems, but cannot.

Although the methods appear rudimentary and may fail frequently, the developments are a grim reminder about the progression of ransomware gangs. The malicious code writers have clearly found a lot of financial success by encrypting corporate data and from threatening to release sensitive information, unless paid, preferably in Bitcoin.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x

Warning: Undefined variable $posts in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Trying to access array offset on value of type null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Attempt to read property "post_author" on null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309