Linux hit by crypto-ransomware - but attackers botch private key

Attackers are demanding one Bitcoin from web admins to unlock files infected by a new ransomware variant for Linux machines.
Written by Liam Tung, Contributing Writer
Ransomware Linux.Encoder.1 has the 'million-dollar flaw' of a predictable RSA key.
Image: Symantec
Admins are facing a variant of Linux malware that encrypts files on infected web servers. But the good news for now is the private key that locks down those files is predictable.

The crypto-ransomware is aimed at Linux system administrators and demands exactly one Bitcoin to restore access to key files. One Bitcoin was worth about $420 last week but is currently $375.

According to Russian antivirus firm Dr Web, which labeled the ransomware Linux.Encoder.1, the files it encrypts suggest the main target is website administrators whose machines have web servers deployed on them.

The malware first encrypts the home, root, MySQL, nginx and Apache directories, and then moves on to encrypt files for web apps, backups, Git projects and numerous other files with specific extensions, such as .exe, .apk and .dll.

The files are encrypted with AES-128 while decryption requires a private RSA key, which the attackers claim they will provide after payment.

"Compromised files are appended by the malware with the .encrypted extension. Into every directory that contains encrypted files, the Trojan plants a file with a ransom demand -- to have their files decrypted, the victim must pay a ransom in the Bitcoin electronic currency," Dr Web notes.

The company said previous attacks on web servers have exploited a recently patched flaw in the Magento content-management system, so that could be how Linux machines are being infected.

At the end of October, Magento warned users to install a bundle of patches, which included a fix for a remotely exploitable bug that gave access to system files in some server configurations.

The company said it expected automated attacks on Magento installations following the publication of the issue by the security researcher who reported the bug.

Security vendor BitDefender has also analysed the Linux.Encoder.1 malware and said it was extremely similar to more widespread ransomware for Windows machines, such as CryptoLocker and TorLocker, which have reportedly made tens of millions of dollars for their operators.

"Just like Windows-based ransomware, it encrypts the contents of these files using AES (a symmetric key encryption algorithm), which provides enough strength and speed while keeping system resources usage to a minimum," BitDefender explained.

"The symmetric key is then encrypted with an asymmetric encryption algorithm (RSA) and is prepended to the file, along with the initialisation vector (IV) used by AES."

However, the makers of this sample left a "million-dollar flaw", namely a predictable RSA key, which allowed the company to create an automated decryption tool available here.

The company's researchers reverse-engineered the sample and discovered it was not generating secure random keys and IVs.

"The sample would derive these two pieces of information from the libc rand() function seeded with the current system timestamp at the moment of encryption. This information can be easily retrieved by looking at the file's timestamp," the company explained.

"This is a huge design flaw that allows retrieval of the AES key without having to decrypt it with the RSA public key sold by the Trojan's operator(s)."
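The derivation BitDefender describes, modelled as an added example that is neither the malware's code nor BitDefender's tool: a 16-byte AES key and IV are filled from libc rand() after srand(timestamp), and a defender-side check shows that the encrypted file's mtime plus a small window is enough to reproduce both. The byte layout, the window size and the sample timestamps are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the flaw the article describes (assumed layout, not the
 * malware's own code): AES-128 key and IV are filled byte by byte from
 * libc rand() after seeding with the encryption-time timestamp. */
void weak_key_iv(uint32_t ts, uint8_t key[16], uint8_t iv[16]) {
    srand(ts);
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)rand();
    for (int i = 0; i < 16; i++) iv[i]  = (uint8_t)rand();
}

/* Defender-side recovery: the IV is stored in the file header, and the
 * seed is close to the file's mtime, so re-derive for each timestamp in
 * a small window until the IV matches. Returns 1 and sets *seed on success. */
int recover_seed(const uint8_t iv[16], uint32_t mtime, int window,
                 uint32_t *seed) {
    uint8_t k[16], v[16];
    for (int d = -window; d <= window; d++) {
        uint32_t cand = mtime + (uint32_t)d;
        weak_key_iv(cand, k, v);
        if (memcmp(v, iv, 16) == 0) { *seed = cand; return 1; }
    }
    return 0;
}

/* Round-trip check: encryption-time seed true_ts, observed mtime, window.
 * Returns 1 if the key re-derived from the recovered seed equals the
 * original key, 0 if no seed in the window reproduces the stored IV. */
int key_recoverable(uint32_t true_ts, uint32_t mtime, int window) {
    uint8_t key[16], iv[16], k2[16], v2[16];
    uint32_t seed;
    weak_key_iv(true_ts, key, iv);          /* what the malware would do */
    if (!recover_seed(iv, mtime, window, &seed)) return 0;
    weak_key_iv(seed, k2, v2);              /* what a recovery tool does */
    return memcmp(k2, key, 16) == 0;
}

int main(void) {
    /* Constructed sample: file encrypted at 1446940800, mtime 5 s later. */
    uint32_t seed;
    uint8_t key[16], iv[16];
    weak_key_iv(1446940800u, key, iv);
    if (recover_seed(iv, 1446940805u, 60, &seed))
        printf("seed recovered: %u -> AES key reproducible\n", seed);
    return 0;
}
```

rand() sequences differ between libc implementations (glibc, musl, uClibc), so a real recovery has to use the same libc the encrypting binary was linked against. The fix on the generating side is a CSPRNG such as getrandom(2) or /dev/urandom; no rand()-family function is suitable for key or IV material, whatever the seed.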

Linux users hit by this sample are lucky that they don't need to pay up to reclaim their files, but the ransomware adds to the list of recent attacks on Linux machines, albeit poorly configured ones, whose connectivity is harvested for distributed denial-of-service attacks or for spreading Windows malware.
