A new strain of ransomware named Lilocked or Lilu has affected thousands of Linux-based servers all over the world. The ransomware started infecting servers back in mid-July but in the last two weeks, the attacks have become more frequent.
The very first case of Lilocked ransomware came to light when a user uploaded a ransomware note on ID Ransomware, a website used for identifying the name of ransomware from the ransomware note or demand specified in the attack. It targets servers and gains its root access. The mechanism behind how it gets access in unknown yet. According to a Russian forum, bad actors might be targeting Linux-based servers that are running defunct Exim software. Lilock ransomware does not affect system files but files with extensions including HTML, SHTML, JS, CSS, PHP, INI, and other image formats. Since system files are not affected, Linux systems are running normally.
Submitted by: Arnfried Walbrecht