The New Linux Encoder Ransomware And Rising Data Hostage Crisis

Updated on December 20, 2017 by UpGuard

The New Linux Encoder Ransomware And Rising Data Hostage CrisisAt the start of the year, the FBI issued an alert warning internet users about the rising threat of ransomware, detailing its dramatic increase in both frequency and sophistication. Looks like the feds were on point: as it stands, 2015 has turned out to be a record year for data hostage-taking. So what can be done to defend oneself against this new insidious threat to data sovereignty?

Ransomware Mechanics

Ransomware campaigns usually come in one of two forms: (1) a computer lock scheme with unlocking upon ransom payment, or (2) a file encryption scheme with decryption upon ransom payment. It's common for perpetrators to masquerade as government agencies or law enforcement, usually threatening the victim with arrest/prosecution if a fine isn't paid for some digital transgression. This hapless victim even turned himself in to the authorities, guilt-ridden, after being duped by child pornography ransomware.

The New Linux Encoder Ransomware And Rising Data Hostage Crisis

Typical ransomware screen. Source:

Ransomware typically arrives onto the victim's machine as a Trojan, usually through a file download or email attachment. Unpatched software and systems are a common area of exploitation for attackers as well—one of the many critical Flash vulnerabilities this year was exploited with a pay-to-decrypt ransomware scheme.

See how upguard prevents ransomware


Despite its name, this latest form of ransomware is not due to a Linux vulnerability, per se—but in a security flaw in Magento ecommerce platform, which runs on LAMP (Linux, Apache, MySQL, PHP). Once executed, the Trojan encrypts the contents of the /home, /root and /var/lib/mysql folders. Additionally, it attempts to also encrypt the contents of root (/), bypassing only critical system files so the OS is able to boot again. A patch to fix the vulnerability has been available from the Magento website since February 9, 2015. 

The New Linux Encoder Ransomware And Rising Data Hostage Crisis

Linux.Encoder.1 ransom instructions. Source:

The cost of the ransom for decryption? 1 bitcoin, or ~$500.

Preventing Data Hostage Scenarios

Ransomware takes advantage of vulnerabilities in widely used software and platforms like Flash, Magento, and WordPress to propogate and install malicious payloads. And in most of these scenarios, lack of visibility and proper updating are what lead to most data hostage scenarios. Don't leave your critical system unpatched—try UpGuard today to see what hidden vulnerabilities are lurking your environment. It's free for up to 10 nodes and could save your organization from becoming the next data hostage casualty.

See your website's faults before your competitors

Improving the accuracy of cyber risk assessment has the same beneficial effects as in other branches of insurance. First, premiums more closely reflect the risk a policy holder presents to the insurer, making the system more fair. Second, attributing risk factors to elements within the policy holders control like IT systems, rather than immutable factors like industry sector, provides a path to improving the risk profile. Third, companies that might have appeared too risky to acquire cyber insurance under models based on external data will be able to demonstrate that they present a lower risk than their peers.

Do you want to see this in action?
See What UpGuard Can Do For You  

More Blogs

How CSTAR Works

All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >

Snoop Dogg to Server Admins: "Fix Your Sh*t"

Whenever possible, try to fix potential outages before they occur. Getting a notification that something broke is never enjoyable.
Read Blog >

Understanding Risk in the 21st Century

And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation.
Read Blog >