Linux Ransomware

A few people have asked me over the past week whether or not Linux is susceptible to ransomware attacks. While the answer is fairly straightforward, let’s go over a couple of things first.

First, the whole idea of ransomware is to go after a large group of users / machines to get the biggest payday. Right now, that large group is users running end-of-life or out-of-date Windows machines. They’re also a good target because a large percentage of them are not making timely backups of their files, which means they’re very likely to pay a minimal bounty of (US)$300-600 to get their only copy of their data back.

How does ransomware work?

Common ransomware (like the infamous WannaCry variant that ran rampant last week) infects the system like a virus. It then encrypts data on the machine and alerts the user that they need to pay a ransom, usually in bitcoin, in order to get a key to decrypt their files. If they don’t pay, they can’t use their system anymore unless they wipe and reinstall… losing all of their data in the process.
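The "encrypts data on the machine" step is also the most detectable one: a user's documents don't normally turn into random-looking bytes all at once. The script below is an added example (not from the original post) that flags a directory snapshot when most of its files have near-maximal byte entropy and no header of a format that is legitimately high-entropy (already-compressed images and archives). The "before" and "after" snapshots, the plaintext note and the SHA-256 counter stream standing in for ciphertext are all constructed here so the example runs offline; the 7.5 bits/byte threshold and 50% ratio are assumptions to tune for a real home directory.

```python
import hashlib
import math
from collections import Counter

# Constructed sample only: a short plaintext document, repeated so the
# "file" is large enough for a stable entropy estimate.
_PLAINTEXT_NOTE = (
    b"Quarterly report draft. Revenue grew modestly while costs held steady. "
    b"Action items: review vendor contracts and update the backup schedule.\n"
) * 40


def _pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for an encrypted file body (constructed).

    Ransomware output is statistically indistinguishable from random bytes;
    a SHA-256 counter stream has the same profile without needing a cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


# Formats that legitimately sit near 8 bits/byte (already compressed) and
# would otherwise be false positives. Recognised by leading magic bytes.
_HIGH_ENTROPY_MAGIC = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5, min_size: int = 256) -> bool:
    """True if a body has no known compressed-format magic and near-random entropy.

    Very small files are skipped: the entropy estimate is too noisy to mean
    anything with only a few bytes.
    """
    if len(data) < min_size:
        return False
    if any(data.startswith(magic) for magic in _HIGH_ENTROPY_MAGIC):
        return False
    return shannon_entropy(data) >= threshold


def scan_snapshot(files: dict) -> list:
    """Names in a {name: bytes} snapshot that look encrypted, sorted."""
    return sorted(name for name, body in files.items() if looks_encrypted(body))


def ransomware_suspected(files: dict, ratio: float = 0.5) -> tuple:
    """Flag a snapshot when at least `ratio` of its files look encrypted.

    One high-entropy file is normal; most of a user's documents becoming
    random bytes is the signature of the mass-encryption step.
    Returns (suspected, flagged_names).
    """
    flagged = scan_snapshot(files)
    suspected = bool(files) and len(flagged) / len(files) >= ratio
    return suspected, flagged


# Constructed snapshots of a home directory before and after an incident.
BEFORE = {
    "notes.txt": _PLAINTEXT_NOTE,
    "report.txt": _PLAINTEXT_NOTE[:2000],
    # A real JPEG is high-entropy too; the magic header keeps it out of the count.
    "photo.jpg": b"\xff\xd8\xff" + _pseudo_ciphertext(b"photo", 4000),
}
AFTER = {
    "notes.txt.encrypted": _pseudo_ciphertext(b"notes", 4096),
    "report.txt.encrypted": _pseudo_ciphertext(b"report", 2048),
    "photo.jpg": BEFORE["photo.jpg"],
}

if __name__ == "__main__":
    for label, snap in (("before", BEFORE), ("after", AFTER)):
        suspected, flagged = ransomware_suspected(snap)
        print(f"{label}: suspected={suspected} flagged={flagged}")
```

Run against two snapshots of a real directory (read each file's first few kilobytes rather than whole files), the "after" snapshot trips the ratio while the "before" one stays clean. This is a last-line signal, though: the cheaper defence the post keeps coming back to is a current, offline backup.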

Again, these ransomware authors are looking for the biggest payday, so they’ll write software for what they believe is the biggest market. Right now, that’s Windows.

So, no ransomware for Linux then?

Well, there has been some out there, probably the most well known being Linux.Encoder.1 (see the Wikipedia article). The original version exploited a vulnerability in the Magento e-commerce software, then got in and encrypted files on the web server. Other, more recent versions/variants use either vulnerabilities in web software or brute-forced SSH logins to gain access to the server and encrypt its data. They’ll target things like the user’s home directory as well as anything with the word “backup” in its name.
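Of the two entry routes mentioned, brute-forced SSH logins are the one that shows up plainly in logs before anything gets encrypted. Below is an added example (not code from the post or from any Linux.Encoder write-up) that parses sshd "Failed password" lines in the syslog format used by auth.log and flags any source address that racks up five or more failures inside a sliding one-minute window, along with the usernames it tried. The log lines, hostname, PIDs and TEST-NET addresses are constructed for the example; the threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the sshd "Failed password" line as written to syslog/auth.log.
# Hostname and PID vary; timestamp, user and source IP are captured.
_FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def parse_failed_login(line: str):
    """Return (timestamp, user, ip) for a failed-password line, else None."""
    m = _FAILED_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    # Syslog timestamps carry no year; strptime fills in 1900, which is
    # harmless because only differences between timestamps are used.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def find_bruteforce(lines, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Return {ip: sorted usernames tried} for every source that produced at
    least `threshold` failed logins inside some window of `window_seconds`.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> usernames attempted so far
    flagged = {}
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue
        ts, user, ip = parsed
        users[ip].add(user)
        q = recent[ip]
        q.append(ts)
        # Drop failures that have aged out of the window (q always holds ts itself).
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = sorted(users[ip])
    return flagged


# Constructed sample log. 203.0.113.5 walks a username list in 25 seconds;
# 198.51.100.7 is a person who mistyped twice; the other lines are noise.
SAMPLE_AUTH_LOG = """\
May 20 10:15:01 web1 sshd[4012]: Failed password for root from 203.0.113.5 port 51022 ssh2
May 20 10:15:05 web1 sshd[4013]: Failed password for invalid user admin from 203.0.113.5 port 51024 ssh2
May 20 10:15:07 web1 CRON[4020]: pam_unix(cron:session): session opened for user root by (uid=0)
May 20 10:15:09 web1 sshd[4015]: Failed password for invalid user test from 203.0.113.5 port 51030 ssh2
May 20 10:15:12 web1 sshd[4017]: Failed password for invalid user ubuntu from 203.0.113.5 port 51033 ssh2
May 20 10:15:16 web1 sshd[4019]: Failed password for invalid user oracle from 203.0.113.5 port 51040 ssh2
May 20 10:15:20 web1 sshd[4021]: Failed password for deploy from 198.51.100.7 port 40211 ssh2
May 20 10:15:26 web1 sshd[4022]: Failed password for invalid user pi from 203.0.113.5 port 51044 ssh2
May 20 10:15:31 web1 sshd[4023]: Failed password for deploy from 198.51.100.7 port 40212 ssh2
May 20 10:15:40 web1 sshd[4024]: Accepted publickey for deploy from 198.51.100.7 port 40213 ssh2: ED25519 SHA256:EXAMPLEKEYFINGERPRINT
""".splitlines()

if __name__ == "__main__":
    for ip, tried in find_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {len(tried)} usernames tried: {', '.join(tried)}")
```

Feed it `/var/log/auth.log` (or `journalctl -u ssh`) and the scanning host stands out while the admin with a typo does not. The sliding window matters: a plain count over the whole file would eventually flag the legitimate user too. The cheaper fix, of course, is to leave nothing for the brute-forcer to guess: key-only authentication with `PasswordAuthentication no` in sshd_config.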

Thing is, most webmasters / server admins have backups of the data, so it just ends up being a big pain in the ass to restore, but nothing that’s going to cripple the business.

So, I’m safe on my desktop then?

If you’re running a Linux desktop on a private network, keep it updated, and don’t stick random flash drives into it, I wouldn’t worry about ransomware at all. I certainly don’t.

You’re 100x safer running Linux than you would be running any Windows variant, IMO. Well, at least until Linux overtakes Windows on the desktop.