[German]A ransomware called DarkRadiation targets Linux systems from Red Hat, CentOS or Debian-based distributions. Security vendor Trend Micro points this out in a new blog post. The malware does so using tools to detect the environment and then spread laterally across networks via spreader script.
I became aware of the issue via the following tweet from Trend Micro. The details ere explained in more detail in the Trend Micro blog post Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions.
The recently discovered Bash ransomware piqued the interest of Trend Micro security researchers in more ways than one. Then when the security analysts examined the ransomware, they found that the attack chain is fully implemented as a Bash script. However, the researchers suspect that the scripts are still under development.
Most of the components of this malware mainly target the Red Hat and CentOS Linux distributions. However, the security researchers have found hints of support for Debian-based Linux distributions in some scripts.
The worm and ransomware scripts also use the API of the messaging application Telegram for command-and-control (C&C) communication. In addition, Trend Micro security researchers found that most of the components of this attack have a very low detection rate in Virus Total. The URL containing the ransomware information and hack tools was originally reported by Twitter user @r3dbU7z.
The malware uses OpenSSL's AES algorithm with CBC mode to encrypt files in various directories. A detailed analysis of the malware can be found in Trend Micro's blog post.
Cookies helps to fund this blog: Cookie settings