Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Lilocked ransomware (Lilu) affects thousands of Linux-based servers

Save for later
  • 3 min read
  • 13 Sep 2019

article-image
A ransomware strain named Lilocked or Lilu has been affecting thousands of Linux-based servers all over the world since mid-July and the attacks got intensified by the end of August, ZDNet reports

Lilocked ransomware’s first case got noticed when Micheal Gillespie, a malware researcher uploaded a ransomware note on the website, ID Ransomware. This website is used for identifying the name of ransomware from the ransomware note or from the demand specified in the attack. It is still unknown as to how the servers have been breached.

https://twitter.com/demonslay335/status/1152593459225739265

According to a thread on a Russian-speaking forum, attackers might be targeting those systems that are running outdated Exim (email) software. The forum also mentions that the ransomware managed to get root access to servers by “unknown means”.

Read Also: Exim patches a major security bug found in all versions that left millions of Exim servers vulnerable to security attacks

Lilocked doesn't encrypt system files, but it encrypts a small subset of file extensions, such as JS, CSS, HTML, SHTML, PHP, INI, and other image file formats so the infected servers are running normally. As per the French security researcher, Benkow, Lilocked has encrypted more than 6,700 servers, out of which many have been indexed and cached in Google search results. However, the number of affected servers is much higher. “Not all Linux systems run web servers, and there are many other infected systems that haven't been indexed in Google search results,” ZDNet reports.

It is easy to identify the servers that have been affected by the ransomware as most of their files are encrypted and they sport a new ".lilocked" file extension.

lilocked-ransomware-lilu-affects-thousands-of-linux-based-servers-img-0Image Source: ZDNet


Read Also: Exim patches a major security bug found in all versions that left millions of Exim servers vulnerable to security attacks

The victims are first redirected to a portal on the dark web, where they are asked to enter a key from the ransom note and later are notified that their data has been encrypted. The victims are then asked to transfer 0.03 bitcoin, which is around $325.

https://twitter.com/dulenkp/status/1170091139510218752

https://twitter.com/Zanket_com/status/1171089344460972032

To know more about the Lilocked ransomware in detail, head over to ZDNet.

Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €18.99/month. Cancel anytime

Other interesting news in security


Intel’s DDIO and RDMA enabled microprocessors vulnerable to new NetCAT attack

Endpoint protection, hardening, and containment strategies for ransomware attack protection: CISA recommended FireEye report Highlights

StackRox App integrates into the Sumo Logic Dashboard  for improved Kubernetes security