There's been a big rise in ransomware attacks targeting Linux as cyber criminals look to expand their options and exploit an operating system that is often overlooked when businesses think about security.
According to analysis by cybersecurity researchers at Trend Micro, Linux servers are "increasingly coming under fire" from ransomware attacks, with detections up by 75% over the course of the last year as cyber criminals look to expand their attacks beyond Windows operating systems.
Linux powers important enterprise IT infrastructure including servers, which makes it an attractive target for ransomware gangs – particularly when a perceived lack of threat to Linux systems compared with Windows means that cybersecurity teams might choose to focus on defending Windows networks against cybercrime.
Researchers note that ransomware groups are increasingly tailoring their attacks to focus specifically on Linux systems.
SEE: Ransomware: Why it's still a big threat, and where the gangs are going next
For example, LockBit is one of the most prolific and successful ransomware operations of recent times and now offers the option of a Linux-based variant that is designed to target Linux systems and has been used to conduct attacks in the wild.
Ransomware attackers are financially motivated and will readily follow new opportunities if they think that it can help them make more money – and it appears that encrypting Linux systems and demanding a payment for the key to unlock files and servers is becoming increasingly popular.
Researchers suggest that this approach is only going to become more common as ransomware attackers look to make the most money possible.
"New and emerging threat groups continue to evolve their business model, focusing their attacks with even greater precision. That's why it's essential that organizations get better at mapping, understanding, and protecting their expanding digital attack surface," said Jon Clay, VP of threat intelligence for Trend Micro.
And it isn't just ransomware groups that are increasingly turning their attentions towards Linux – according to Trend Micro, there's been a 145% increase in Linux-based cryptocurrency-mining malware attacks, where cyber criminals secretly exploit the power of infected computers and servers to mine for cryptocurrency for themselves.
One of the ways cyber criminals are compromising Linux systems is by exploiting unpatched vulnerabilities. According to the report, these flaws include CVE-2022-0847 – also known as Dirty Pipe – a bug that affects the Linux kernel from versions 5.8 and up, which attackers can use to escalate their privileges and run code. Researchers warn that this bug is "relatively easy to exploit".
To protect Linux systems from ransomware and other cyberattacks, it's recommended that all security patches are applied as soon as possible to prevent cyber criminals from being able to take advantage of known exploits that have fixes available.
It's also recommended that multi-factor authentication is applied across the entire ecosystem to provide an additional layer of defence against attacks and prevent ransomware hackers from being able to move around networks.