Highlights:

  • Researchers noted that ransomware gangs are increasingly customizing their attacks to target Linux computers.
  • Ransomware attackers are financially driven and will quickly follow new opportunities if they believe it may help them make more money.

Ransomware attacks targeting Linux, a platform businesses typically overlook, have increased significantly as cybercriminals diversify their attacks across operating systems (OS).

Cybersecurity researchers from Trend Micro discovered that Linux servers are “increasingly coming under fire” due to ransomware attacks. The number of ransomware detections has increased by 75% over the past year. Cybercriminals are making attempts to broaden their activities beyond Windows operating systems.

Linux is popular with businesses because it powers crucial enterprise IT infrastructure, including servers, which is why it is the most sought-after target for ransomware gangs. This is especially true when security teams prioritize protecting Windows networks over Linux because of a false belief that Linux is less vulnerable.

Researchers noted that ransomware gangs are increasingly customizing their attacks to target Linux computers.

One of the most widespread and effective ransomware operations in recent memory is LockBit, which recently added a variant tailored to infect Linux systems. That variant has been used in attacks in the wild.

Ransomware attackers are financially driven and will quickly follow new opportunities if they believe it may help them make more money. A recent trend among ransomware attackers involves encrypting Linux systems and demanding payment for the key to open encrypted files and servers.

As ransomware perpetrators seek to maximize profits, experts predict this strategy will become increasingly widespread.

Jon Clay, VP of threat intelligence for Trend Micro, said, “New and emerging threat groups continue to evolve their business model, focusing their attacks with even greater precision. That’s why it’s essential that organizations get better at mapping, understanding, and protecting their expanding digital attack surface.”

Additionally, Trend Micro reports a 145% spike in Linux-based cryptocurrency-mining malware assaults, in which cybercriminals stealthily use the processing power of compromised machines and servers to mine for bitcoin.

Attackers are finding ways to compromise Linux systems by exploiting security holes that have not been patched. One such flaw is CVE-2022-0847, also known as Dirty Pipe, which affects the Linux kernel starting with version 5.8 and allows attackers to gain privileges and execute code, according to the report. The research community has warned that this flaw is “pretty straightforward to exploit.”

Installing all available security patches on Linux systems is crucial to keeping them safe from ransomware and other forms of cyberattack, because it stops attackers from using vulnerabilities for which fixes already exist.

It is recommended that multi-factor authentication be used across the board to further beef up system security and prevent ransomware criminals from moving from network to network.