LiLocked Ransomware hits Linux Servers


A new kind of Ransomware variant is reportedly being circulated by hackers on the web and researchers have given it a name as Lilocked ransomware while the developers have dubbed it as Lilu ransomware.

According to a report released by Finland based Cybersecurity Firm F-secure the ransomware has so far infected only Linux servers and is known to lock the data files with .lilocked extension.

Currently, the ransomware infection rate is stable as it has not captured the database of large multinational companies yet. But a report from Google blog says that the file-encrypting malware has succeeded in gripping more than 6000 servers till date.

Marian Wozniak from F-Secure reported that the hackers are gaining access to Linux based web servers by using Exim exploit and outdated WordPress installations.

Hackers are demanding a small amount of $300 worth Bitcoins or Electrum in exchange for the decryption key. But if their demands are left unheard even after 7 days, then the developers are promising serious trouble of deleting the files forever.

As a sign of relief, Lilu Ransomware doesn’t encrypt system files; but only a small subset of file extensions such as HTML, JS, CSS, PHP, INI, SHTML and all image formats.

Note 1- Ransomware- A ransomware is a kind of malware which encrypts data files until a ransom is paid. Some ransomware variants are known to delete files as well only if the victim fails to pay the ransom in time.

Note 2-In October last year, FBI has urged victims not to bow down to the demands of hackers as it not only encourages crime but also doesn’t guaranty a return of the decryption key after paying the ransom.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display