The IT security researchers at Trend Micro recently discovered malware that has the potential to infect Linux-based servers. The malware, called Erebus, has been responsible for hijacking 153 Linux-based networks of a South Korean web-hosting company called NAYANA.
Erebus is a ransomware capable of infecting Linux operating systems. As such, around 3,400 of NAYANA’s clients were affected due to the attack with databases, websites and other files being encrypted.
The incident took place on 10th June. As of now, NAYANA has not received the keys to decrypt their files despite having paid three parts of the ransom. The fourth one, which is allegedly the last installment, is yet to be paid. However, according to NAYANA, the attackers claimed to provide the key after three payments.
According to Trend Micro’s report, Erebus was originally found back in September 2016. At the time, the malware was not that harmful and was being distributed through malware-containing advertisements. Once the user clicked on those ads, the ransomware would activate in the usual way.
The initial version of the Erebus only affected 423 file types and did so using the RSA-2048 encryption algorithm, thereby encrypting the files with the .encrypt extension. Furthermore, it was this variant that was using a number of websites in South Korea as a command-&-control (C&C) center.
Later, in February 2017, the malware had seemingly evolved as now it had the ability to bypass User Account Control (UAC). For those who may be unfamiliar with UAC, it is primarily a Windows privacy protection system that restricts anyone who is not authorized, to alter the user’s computer.
However, this later version of the Erebus was able to do so and inject ransomware ever so conveniently. The campaign in which this version was involved demanded a ransom of 0.085 bitcoins – equivalent to USD 216 at present – and threatened to delete the files in 96 hours if the ransom was not paid.
Now, however, Erebus has reached new heights by having the ability to bypass not only UAC but also affect entire networks that run on Linux. Given that most organizations today use Linux for their networks, it is no surprise to see that the effects of the malware are far-reaching.