ransomware virus on Linux

RW rwmaillists at googlemail.com
Fri Nov 20 00:21:38 UTC 2015

On Thu, 19 Nov 2015 16:20:28 -0600
Brandon J. Wandersee wrote:

> From what I've been able to glean, this seems a little bit overblown.
> I don't doubt the effects are significant for the people experiencing
> them, but it seems extremely limited. The program is said to "take
> advantage of" an outdated, running instance of the Magento e-commerce
> software, so I have to think that it can only be executed via
> Magento. It also encrypts only directories that would absolutely
> require root privileges to modify--e.g., it specifically
> encrypts /home, not individual user directories, so even if you
> deliberately executed it as a regular user it would have no effect.

I would guess it would recurse from /home into whatever it can
access - it probably just encrypts the files in place.

What worries me is that the next version might target Linux workstations
where there's a lot of very complex software running as the owner of
the user data. 

More information about the freebsd-questions mailing list