After disrupting Windows systems, the RansomEXX ransomware now targets Linux devices. A new RansomEXX ransomware strain has emerged that infects Linux systems, thus expanding target devices.
RansomEXX Ransomware Targeting Linux
In a recent post, researchers from Kaspersky have elaborated on the newly discovered variant from the RansomEXX ransomware family targeting Linux systems.
Specifically, they found a trojan that implements functions from the open-source library mbedtls and encrypts data with 256-bit encryption upon execution.
Moreover, it re-encrypts the AES key every 0.18 seconds, whereas the actual encryption key changes every second. This makes sure that the encrypted data remains undecipherable, compelling the victim to pay for a decryptor.
But, apart from this, the malware exhibits no additional stealth functionalities like anti-analysis capability, C&C communication, and others, unlike most trojans.
Yet, it does bear some similarities with the Windows ransomware variant, hinting at its linkage with RansomEXX.
For instance, both appear to have emerged from the same source code as they resemble overall code layout. Also, they have similar encryption features, as well as the ransom note.
RansomEXX In The Wild
RansomEXX no more remains a new name. It has executed several high-profile attacks since its prominent appearance in June 2020.
Besides, the latest victim of RansomEXX turns out to be the Brazilian Superior Court of Justice. The same has been confirmed by Kaspersky as well during their analysis.
So, it seems the ransomware gang has simply expanded its radius of attack with this step. Given how security freaks rely on Linux, devising dedicated Linux trojans doesn’t seem weird.
A while ago, a peculiar ransomware Tycoon surfaced online that could simultaneously target Windows and Linux alike.
Likewise, another malware Lucifer, that initially emerged as a Windows malware, turned its focus to Linux later on.