Linux.Encoder.1 Ransomware Spreads to 3,000 Websites


Expect a new ransomware version in the coming weeks.

The Linux.Encoder.1 ransomware, a special strain that has a taste for Web hosting and source code repositories, has managed to spread to almost 3,000 websites, despite being highly publicized in the media.

The ransomware, which spreads only to Linux operating systems, has been seen targeting only specific OS distributions, the ones set up to handle Web traffic.

According to Dr.Web, the Russian security vendor who first detected it, the ransomware infects websites via known security vulnerabilities in common CMS solutions. Dr.Web’s staff has seen infections commonly affect WordPress and Magento installations.

Because the ransomware leaves a txt file on all infected machines, and since it targets Web hosting environments, a quick Google search reveals that, as of today, at the time of this article, Linux.Encoder.1 has infected at least 2,920 hosts. Dr.Web reported over 2,000 targets only three days ago.

This shows the ransomware is spreading, even though most webmasters have found out about it and Bitdefender’s security researchers have managed to crack its encryption and create a decryption tool.

Like Bitdefender, Dr.Web also created a decryption tool, but it is offering it only to its clients.

Since both decryption tools leverage a mistake in the ransomware’s encryption methods, expect a so-called Linux.Encoder.2 version in the coming weeks.

To prevent future infections with any type of malware, webmasters are encouraged to keep their Web-based software updated to the latest versions.