Executive summary
AT&T Alien Labs recently analyzed the Linux version of the Darkside ransomware, one of the most active ransomware families in the last quarter. Shortly after hitting Colonial Pipeline, Darkside developers announced they would be closing operations.
Key Points:
Unlike common Linux ransomware, which mostly zips files with a password, Darkside encrypts files using crypto libraries. If properly implemented, this likely makes recovery impossible without the encryption key.
Background
Linux and UNIX systems have always been a preferred option for servers and data centers, likely due to their small attack surface, tight configurations, and lack of user interaction. However, they are often set up and then forgotten, left without detection or protection mechanisms. This makes them very attractive to attackers. By infecting unprotected virtualization servers, attackers can perform devastating attacks on companies, taking down all the services of a company with a single infection.
First…
Posted by: Ofer Caspi
The post Darkside RaaS in Linux version appeared first on Cybersecurity Insiders.
June 22, 2021 at 09:10PM