Is Your Server Safe? New Ransomware Targets Linux Servers - Lilocked

Before we get into the post, I want to ask you a question: do you own a server? The question also applies to people who do not own one. How? The answer is simple: if you use cloud services, you also need to take care.

In this blog post, I will explain how this malware affects a server. The name of the malware is Lilocked.

What is Lilocked?

Lilocked is a type of malware that targets and affects Linux-based servers. This new Linux malware is called Lilocked or Lilu. The name itself states the malware's intention: Lilocked means "Linux locked".
Li - Linux
Locked - locking Linux-based servers.

So far it has affected 6700 servers.

What does the Lilocked malware do?

After the Lilocked malware infects a system, the files on the Linux server are encrypted and the user no longer has access to them. To access the encrypted files again, the user needs the decryption key, but that key is held by the hackers, who make the victim pay a ransom for it. Once the decryption key is applied, all of those files can be accessed again. The malware does not affect the Linux file system itself. It affects only files such as HTML, SHTML, JS, CSS, PHP and INI, as well as image file formats.

How does this process happen?
  1. The malware infects the server.
  2. It completely encrypts the files on the server.
  3. It also shows a ransom note to the user, such as:

    I’VE ENCRYPTED ALL YOUR SENSITIVE DATA!!! IT’S A STRONG ENCRYPTION, SO DON’T BE NAIVE TO RESTORE IT;) [SIC]
    YOU CAN BUY A DECRYPTION KEY FOR A SMALL AMOUNT OF BITCOINS!
    YOU HAVE 7 DAYS TO DECRYPT YOUR FILES OR YOUR DATA WILL BE PERMANENTLY LOST!!!

  4. If you click the encrypted dialog box, you are redirected to a .onion website (i.e. the dark web).
  5. You may be asked to pay a ransom in bitcoins.
  6. The amount depends on your files and the size of the data you hold. In one case they demanded 0.03 bitcoin, approximately equal to $310.
  7. Once you get the decryption key, you can access your files.

Steps to defend against Lilocked
  1. Don't open emails and attachments from unknown sources.
  2. Use applications from trusted authorities.
  3. Make sure to maintain a backup server.
  4. Use an IDS (Intrusion Detection System) to monitor your network for security issues.
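
Steps 3 and 4 can be backed by a host-side check over the file types listed earlier. The following is an added example, not code from the original post: it snapshots hashes of the watched web files and later flags files that vanished or turned into high-entropy data. The function names, the entropy limit and the alert fraction are assumptions.

```python
import hashlib
import math
import os
from collections import Counter

# File types the post says Lilocked encrypts. Image formats are left out:
# compressed images already look random, so entropy says nothing about them.
WATCHED = {".html", ".shtml", ".js", ".css", ".php", ".ini"}
ENTROPY_LIMIT = 7.0   # assumed threshold (bits/byte); ordinary text sits well below it
ALERT_FRACTION = 0.2  # assumed: alert when 20% of the baseline files are damaged

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map relative path -> (sha256, entropy) for every watched file under root."""
    out = {}
    for d, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in WATCHED:
                path = os.path.join(d, name)
                with open(path, "rb") as f:
                    data = f.read()
                out[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return out

def compare(baseline: dict, current: dict) -> dict:
    """Report watched files that vanished (e.g. renamed) or now look encrypted."""
    missing = sorted(p for p in baseline if p not in current)
    scrambled = sorted(p for p, (digest, h) in current.items()
                       if p in baseline and digest != baseline[p][0] and h > ENTROPY_LIMIT)
    damaged = len(missing) + len(scrambled)
    alert = bool(baseline) and damaged / len(baseline) >= ALERT_FRACTION
    return {"missing": missing, "scrambled": scrambled, "alert": alert}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:      # constructed sample web root
        for name in ("index.html", "app.js", "site.css", "conf.ini"):
            with open(os.path.join(root, name), "w") as f:
                f.write("sample line of ordinary text\n" * 40)
        base = snapshot(root)
        with open(os.path.join(root, "app.js"), "wb") as f:
            f.write(os.urandom(4096))                # stands in for encrypted content
        print(compare(base, snapshot(root)))
```

Keep the baseline snapshot off the server, alongside the backups, so an intruder cannot rewrite it.
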

Linux is an open-source platform with a good level of security, yet even it can let hackers gain access.
We all know that 75% of the cloud runs on Linux. Is it safe?

Comment with your opinion and share this with your colleagues to inform them about this issue.

TheNextSpy 



5 comments:
  1. Yeah, servers may be a very profitable target for hackers.

  2. I was really awed after reading this in light of some quality work and instructive thoughts. I just wanna offer significant thanks for the writer and need you to appreciate all that life brings to the table for coming! buy linux vps

  3. What a fantabulous post this has been. Never seen this kind of useful post. I am grateful to you and expect more number of posts like these. Thank you very much. https://www.dedicated-servers.com

