Ransomware Actors Are Finding New Ways To Target Linux

THE AUTHOR

Cary Kostka
June 22, 2022

Once upon a time, Linux was thought of as the operating system most secure from ransomware. That reputation stemmed less from the platform itself than from its relatively low adoption compared with Microsoft Windows, and from the scarcity of Linux development skills in the general IT community: attackers went where the targets and the tooling were.

However, ransomware developers have an uncanny knack for bounding ahead quickly, and they have done so with Linux. The days of Linux being thought of as relatively immune from attack are fading fast, as attacks against the many distributions of this OS begin to spike.

Code Diversity Spells Trouble for Linux Admins

Ransomware developers are using new coding techniques that let them turn around exploits for security flaws more quickly. In turn, Ransomware-as-a-Service (RaaS) providers can deliver those capabilities to their affiliates faster, so that the affiliates can strike inside a victim's patching window or, even worse, exploit the false sense of security that some Linux users still feel.

RaaS providers have taken notice and are addressing their shortcomings in the Linux arena, which is bad news for Linux users. Developers are building payloads for specific Linux distributions, such as Red Hat and Ubuntu, and are offering many of the same conveniences that RaaS customers targeting macOS or Windows already have at their fingertips.

However diverse the code written to exploit different versions of Linux, initial access still relies on the proven social engineering techniques used against other platforms. That makes user education and security best practices the best initial mitigation steps against the spread of Linux ransomware.

Virtualization Dependencies Adding Fuel to the Fire

The growing dependency on virtualized environments, from user workloads to IoT back ends, has also triggered a growth in Linux-based ransomware incidents. Here again the assumption of high security plays a part, as do gaps in public and hybrid cloud configurations, all of which pave the way for a larger volume of attacks against Linux-based hosts.

Several factors, though not unique to Linux, are contributing to the rise in Linux-based ransomware targets. These include:

  • Virtual machines (VMs) and their supporting stacks left running when not in use
  • Expanded use of templates and broad policies, such as Azure Resource Manager templates and Azure Blueprints, which make deployed systems uniform and therefore easy for an attacker to predict
  • Improper use of horizontal and vertical VM scaling
  • Incorrectly managed shared responsibility with the cloud provider, for example administering a PaaS deployment as if it were IaaS infrastructure

A system-wide template offered by a cloud provider reproduces any flaw in the original on every virtual machine created from it. Once attackers find such a flaw, they can quickly plant malicious code on many systems at once for later execution. Making matters worse, data replication across virtual devices can spread the damage widely, up to and including the hypervisor hosts underneath them.
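As an added example (not code from the original article), the check below parses a constructed Azure Resource Manager template and reports the settings that every VM stamped out by its copy loop would inherit: a network security group rule exposing SSH to the Internet, SSH password authentication left enabled, and an admin password embedded in the template. It then applies the three corrections and re-scans. The template contents, resource names, the 10.0.1.0/24 bastion range and the placeholder SSH key are assumptions made for the illustration; the scanner checks only the singular destinationPortRange field, not the list form, and reads an integer copy count only.

```python
import json

# Constructed sample template (not from the article): one NSG that opens SSH
# to the whole Internet and a copy loop that stamps out 20 Linux VMs, all of
# which accept password logins with the same embedded admin password.
WEAK_TEMPLATE = json.dumps({
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "type": "Microsoft.Network/networkSecurityGroups",
            "name": "web-nsg",
            "properties": {"securityRules": [{
                "name": "allow-ssh-anywhere",
                "properties": {
                    "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
                    "destinationPortRange": "22", "sourceAddressPrefix": "*",
                },
            }]},
        },
        {
            "type": "Microsoft.Compute/virtualMachines",
            "name": "web-[copyIndex()]",
            "copy": {"name": "vmLoop", "count": 20},
            "properties": {"osProfile": {
                "adminUsername": "azureuser",
                "adminPassword": "P@ssw0rd123",
                "linuxConfiguration": {"disablePasswordAuthentication": False},
            }},
        },
    ],
})

# The same deployment with the three flaws corrected: SSH reachable only from an
# assumed bastion range, key-only logins, and no secret in the template. The key
# material is a placeholder, not a real public key.
_hardened = json.loads(WEAK_TEMPLATE)
_rule = _hardened["resources"][0]["properties"]["securityRules"][0]
_rule["name"] = "allow-ssh-from-bastion"
_rule["properties"]["sourceAddressPrefix"] = "10.0.1.0/24"
_os_profile = _hardened["resources"][1]["properties"]["osProfile"]
del _os_profile["adminPassword"]
_os_profile["linuxConfiguration"] = {
    "disablePasswordAuthentication": True,
    "ssh": {"publicKeys": [{"path": "/home/azureuser/.ssh/authorized_keys",
                            "keyData": "ssh-ed25519 AAAA...placeholder"}]},
}
HARDENED_TEMPLATE = json.dumps(_hardened)

# Source prefixes that mean "anywhere" in an NSG rule.
INTERNET_PREFIXES = {"*", "Internet", "0.0.0.0/0"}


def port_range_covers(port_range: str, port: int) -> bool:
    """True if an NSG destinationPortRange ("22", "20-25" or "*") includes port."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    try:
        return int(lo) <= port <= int(hi or lo)
    except ValueError:
        return False


def find_weak_settings(template_json: str) -> list[str]:
    """Return one finding per template-level flaw, noting how many VMs inherit it."""
    findings = []
    for res in json.loads(template_json).get("resources", []):
        rtype, name = res.get("type", ""), res.get("name", "?")
        props = res.get("properties", {})
        count = res.get("copy", {}).get("count", 1)  # VMs stamped from this resource
        if rtype == "Microsoft.Compute/virtualMachines":
            os_profile = props.get("osProfile", {})
            linux = os_profile.get("linuxConfiguration")
            if linux is None:
                continue  # not a Linux VM
            if not linux.get("disablePasswordAuthentication", False):
                findings.append(f"{name}: SSH password authentication enabled on {count} VM(s)")
            if "adminPassword" in os_profile:
                findings.append(f"{name}: adminPassword hard-coded in template, shared by {count} VM(s)")
        elif rtype == "Microsoft.Network/networkSecurityGroups":
            for rule in props.get("securityRules", []):
                rp = rule.get("properties", {})
                if (rp.get("access") == "Allow" and rp.get("direction") == "Inbound"
                        and rp.get("sourceAddressPrefix") in INTERNET_PREFIXES
                        and port_range_covers(rp.get("destinationPortRange", ""), 22)):
                    findings.append(f"{name}/{rule.get('name')}: SSH (tcp/22) allowed from the Internet")
    return findings


if __name__ == "__main__":
    for label, tmpl in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(f"{label}: {find_weak_settings(tmpl) or ['no findings']}")
```

The point of reporting the copy count alongside each finding is that a single line in a template is not a single misconfiguration: it is one misconfiguration multiplied by every VM the loop creates, which is exactly what makes template flaws attractive to an attacker who wants many footholds from one discovery.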

It’s safe to say that Linux administrators must now remain just as vigilant as their Mac and Windows colleagues. Although ransomware attackers may have taken the Linux world by surprise, the same core best practices still apply to head off a would-be attack and keep Linux-based systems running with limited risk of compromise.
