ransomware virus on Linux

Olivier Nicole olivier.nicole at cs.ait.ac.th
Thu Nov 19 08:03:24 UTC 2015


>> The structure of the attack makes me think that it would work the same way on
>> FreeBSD too.
> As far as I understand: Yes, that would be possible (given that
> the FreeBSD installation is much like the Linux installations
> affected in terms of software versions in use).

I tend to think that by the time it comes on FreeBSD, the flaw on
generating the key will have been corrected (I am pretty sure it has
already been corrected for Linux). So the decryption script will not
work anymore.



>> Do we have already known attacks like this?
> Maybe those running a significant attack surface (i. e., old and
> unpatched version of Magento, as the article you pointed to states),
> could provide more information:
>         Linux.Encoder.1 is executed on the victim's Linux box
>         after remote attackers leverage a flaw in the popular
>         Magento content management system app.
> Proper settings of (write) privilege, account separation, the use
> of jails will probably make this harder to spread across a whole
> system. The article mentions a few things to pay attention to.
>> If we would have a known attack and test data from this (i.e. an
>> encrypted file system tree), I think it would be worth to check if the
>> software described by Bitdefender could be ported to FreeBSD too.
> It would be interesting to see if the Linux version would work
> on FreeBSD (via Linux ABI), because the file system access at
> this point is still "abstracted" to the running program.
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list