Linux Ransomware Debut Fails on Predictable Encryption Key (Bitdefender Labs)

Bitdefender Labs takesa look at Linux.Encoder.1 ransomware. "Linux.Encoder.1 isexecuted on the victim's Linux box after remote attackers leverage a flawin the popular Magento content management system app. Once executed, theTrojan looks for the /home, /root and /var/lib/mysql folders and startsencrypting their contents. Just like Windows-based ransomware, it encryptsthe contents of these files using AES (a symmetric key encryptionalgorithm), which provides enough strength and speed while keeping systemresources usage to a minimum. The symmetric key is then encrypted with anasymmetric encryption algorithm (RSA) and is prepended to the file, alongwith the initialization vector used by AES." Once the files areencrypted the hackers demand a fee in exchange for the RSA private key todecrypt the AES symmetric one. However, Bitdefender researchers were ableto recover the AES key without having to decrypt it with the RSA privatekey. One can also thwart this threat with some good backups. (Thanks to Richard Moore)