Home Cyber Attack New RansomEXX Ransomware Variant Emerges That Targets Linux Systems
Cyber AttackHacking NewsLatest Cyber Security News | Network Security HackingNews

New RansomEXX Ransomware Variant Emerges That Targets Linux Systems

by Abeerah Hashim
written by Abeerah Hashim
LockBit 3.0 ransomware bounty

After disrupting Windows systems, the RansomEXX ransomware now targets Linux devices. A new RansomEXX ransomware strain has emerged that infects Linux systems, thus expanding target devices.

RansomEXX Ransomware Targeting Linux

In a recent post, researchers from Kaspersky have elaborated on the newly discovered variant from the RansomEXX ransomware family targeting Linux systems.

Specifically, they found a trojan that implements functions from the open-source library mbedtls and encrypts data with 256-bit encryption upon execution.

Moreover, it re-encrypts the AES key every 0.18 seconds, whereas the actual encryption key changes every second. This makes sure that the encrypted data remains undecipherable, compelling the victim to pay for a decryptor.

But, apart from this, the malware exhibits no additional stealth functionalities like anti-analysis capability, C&C communication, and others, unlike most trojans.

Yet, it does bear some similarities with the Windows ransomware variant, hinting at its linkage with RansomEXX.

For instance, both appear to have emerged from the same source code as they resemble overall code layout. Also, they have similar encryption features, as well as the ransom note.

RansomEXX In The Wild

RansomEXX no more remains a new name. It has executed several high-profile attacks since its prominent appearance in June 2020.

The ransomware is particularly notable for targeting Konica Minolta, Texas Dept. of Transportation, and Tyler Technologies. The latter also paid the ransom to get a decryptor.

Besides, the latest victim of RansomEXX turns out to be the Brazilian Superior Court of Justice. The same has been confirmed by Kaspersky as well during their analysis.

So, it seems the ransomware gang has simply expanded its radius of attack with this step. Given how security freaks rely on Linux, devising dedicated Linux trojans doesn’t seem weird.

A while ago, a peculiar ransomware Tycoon surfaced online that could simultaneously target Windows and Linux alike.

Likewise, another malware Lucifer, that initially emerged as a Windows malware, turned its focus to Linux later on.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...