Ransomware Found Targeting Linux Servers, MySQL, Git, Other Development Files

An anonymous reader writes: A new piece of ransomware has been discovered that targets Linux servers, looking to encrypt only files that are related to Web hosting, Web servers, MySQL, Subversion, Git, and other technologies used in Web development and HTTP servers. Weirdly, despite targeting business environments, the ransomware only asks for 1 Bitcoin, a fairly low amount compared to other ransomware.

Root

"Once launched with administrator privileges..."

Well, there's your problem.

A low price is not a bad thing.

[sims+2]

However 1 bitcoin is roughly $400. While still less than 10 bitcoins its not nothing either.

Re:Tape backups

Unlike desktops big iron use tape and raid backups

Raid is not a backup.

The attackers are hoping for volume

[CajunArson]

The relatively low price is designed to make it too much of a hassle for the victims to contact the police, lawyers, etc. etc. in an effort to track down and stop the perpetrators.

They are probably hoping for higher volumes of payment from a lot of people instead of trying to go all Hollywood and ask for some insane amount of money that would make bringing in the cops worthwhile.

A nice low number

[mhkohne]

That low ransom makes it REALLY easy for the business to justify just paying them off, instead of spending the time to deal with the problem in a different way. It's even small enough that a lower level manager who doesn't want to get fired for having screwed up and let this happen might pay it himself to keep from looking bad, which means that no one else in the organization might be informed.

If the malware can get enough traction, it could still bring in the big bucks over time.

Re:Git's not backup.

Given git's model, every developer has a full copy of the entire history. Sounds like a great backup to me.

Re:backup

[TeknoHog]

1. There is no reason to have anything rinning as root

I'm afraid you just misspelled "rimming".