It’s all about Erebus Linux Ransomware!
As I’ve discussed in one of my earlier posts that ransomware is demanded by the hackers as they hack or we should say that they encrypt the data of the organization and give access back to the organization after the ransomware is paid by the organization or else they loose their data. The same case of the ransomware is seen in South Korea recently.
What is Erebus Ransomware? How Does it work?
The malicious malware which is used by the hackers is known as Erebus. It is not the first malware which is used to target the Linux systems as well as Linux servers. It can target up to 443 file types. It performs a UAC ( User Account Control ) bypass, a Windows feature that helps prevent unauthorized changes in the system, that allows the ransomware to run with elevated privileges without displaying a UAC prompt.
Erebus threatens to delete the victim’s files within 96 hours unless the ransom is paid, which is 0.085 Bitcoin. There is not only a single version of Erebus. One of its version also deletes shadow copies to prevent victims from recovering their files.
Targeted file types includes:
- Office documents (.pptx, .docx, .xlsx)
- Archives (.zip, .rar)
- Multimedia files (.avi, .mp4)
- Databases (.sql, .mdb, .dbf, .odb)
- Email files (.eml, .msg)
- Website-related and developer project files (.html, .css, .php, .java)
Firstly, It was for the PCs on which Microsoft Window is running. Later on the malware is modified and it works also against Linux based systems.
Nayana gets hacked by the Cyber-Criminals
It is recently reported that one of the web hosting company in South Korea known as Nayana is facing the critical issue at its data center as hackers have hacked their computer’s data. And for the release of their data, they agreed to pay the highest amount of Bitcoin Ransomware which is $1 million ( Bitcoin: a digital payment system invented by unknown programmers in which transactions take place between the users directly, without any mediator). It is believed that, till now, this ransomware is one of the highest amounts which is gone public.
According to the posts on the company’s website, According to the Company’s CEO Hwang Chil-hong, there are 153 Linux servers that were influenced by the hackers. He has agreed to pay 397.6 Bitcoin to release the data of approximately 3400 customers. Initially, they asked for $4.4 million Bitcoin Ransomware.
It seems that Nayana negotiated with the hackers about the demanded ransomware and agreed on $1 million from the previous amount of $4.4 million which is way too high. The organizations have been warned by the security experts, not to pay the ransomware and not to get in negotiations with hackers/cyber criminals. CEO of the company apologized for the customer’s data which is hacked and damaged. He said that the ransomware had hit his bank balance severely.
Protection from the Erebus Malware Attack
Given the dangers to business operations, notoriety, and main concern, undertakings should be proactive in keeping dangers like ransomware under control. There is no silver shot to ransomware like Erebus, which is the reason IT/framework managers have to guard Linux systems from top to bottom and not be reactive because security is a serious concern.
- Applying the standard of a minimum benefit.
- Moving down basic records, Backing up critical files.
- Guaranteeing servers and endpoints are refreshed (or sending virtual fixing)
- Consistently observing the system
- Debilitating or limiting outsider or unverified repositories
- Apply network segmentation and data categorization
For the protection from Erebus Linux Malware, Trend Micro’s risk resistance specialists recommend backing up your records frequently and remaining on top of your security updates will protect your PC from this malware.