Linux.Encoder

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Arthur2968 at 20:18, 16 November 2015 (First summary). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Linux.Encoder.1 is considered the first ransomware Trojan targeting computers running Linux.[1] Discovered on November 6, 2015, by Dr. Web, this malware affected more than 2,000 Linux users.[2]

Linux.Encoder.1 is remotely executed on the victim's computer by using a flaw in Magento, a popular content management system app. When activated, the malware encrypts certain types of files stored on local and mounted network drives using AES and RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then stores a file called "readme_to_decrypt.txt" in every folder. The message offers to decrypt the data if a payment (through Bitcoin) is made.[3] Compared to other ransomware such as CryptoLocker, the malware does not state a deadline to pay and the ransom does not increase over time.
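
Because the note is written to every folder, its spread across a directory tree shows where encryption took place. The following triage sketch is an added example, not part of the original article: only the note filename comes from the text above, while the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

NOTE_NAME = "readme_to_decrypt.txt"  # ransom note filename given in the article


def scan_for_notes(root):
    """Walk root without following symlinks; return (dirs_with_note, total_dirs)."""
    hits, total = [], 0
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        total += 1
        # Compare case-insensitively in case the tree lives on a case-folding share.
        if any(name.lower() == NOTE_NAME for name in filenames):
            hits.append(dirpath)
    return sorted(hits), total


def affected_roots(hits):
    """Collapse hit directories to the topmost ones, i.e. the likely starting points."""
    roots = []
    for d in sorted(hits, key=lambda p: p.count(os.sep)):
        if not any(os.path.commonpath([d, r]) == r for r in roots):
            roots.append(d)
    return roots


def build_sample_tree(base):
    """Constructed sample: a web root with a note in every folder, plus a clean home."""
    noted = ("www/shop", "www/shop/media", "www/shop/app", "www/shop/app/etc")
    for rel in noted + ("home/alice",):
        os.makedirs(os.path.join(base, rel), exist_ok=True)
    for rel in noted:
        with open(os.path.join(base, rel, NOTE_NAME), "w") as fh:
            fh.write("constructed placeholder, not a real ransom note\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        hits, total = scan_for_notes(base)
        print(f"{len(hits)} of {total} directories contain {NOTE_NAME}")
        for r in affected_roots(hits):
            print("affected subtree:", os.path.relpath(r, base))
```

A match on the filename alone is only an indicator; the affected subtrees tell a responder which directories to compare against backups first.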

References

  1. Bisson, David (November 10, 2015). "Website files encrypted by Linux.Encoder.1 ransomware? There is now a free fix". Graham Cluley. Retrieved November 16, 2015.
  2. "Encryption ransomware threatens Linux users". Dr. Web. November 6, 2015. Retrieved November 16, 2015.
  3. "Linux Ransomware Debut Fails on Predictable Encryption Key". Bitdefender Labs. November 10, 2015. Retrieved November 16, 2015.