A new piece of ransomware dubbed Linux.Encoder.1 has been discovered that targets Linux servers. Researchers have found that the virus only encrypts files that are related to Web hosting, Web servers, MySQL, Subversion, Git, and other software packages used in Web development and Web servers.

The virus is known to encrypt the following directories:

/home
/root
/var/lib/mysql
/var/www
/etc/nginx
/etc/apache2
/var/log

Researchers have also found that the virus only encrypts files with the following extensions:

“.php”, “.html”, “.tar”, “.gz”, “.sql”, “.js”, “.css”, “.txt”, “.pdf”, “.tgz”, “.war”, “.jar”, “.java”, “.class”, “.ruby”, “.rar”, “.zip”, “.db”, “.7z”, “.doc”, “.pdf”, “.xls”, “.properties”, “.xml”, “.jpg”, “.jpeg”, “.png”, “.gif”, “.mov”, “.avi”, “.wmv”, “.mp3”, “.mp4”, “.wma”, “.aac”, “.wav”, “.pem”, “.pub”, “.docx”, “.apk”, “.exe”, “.dll”, “.tpl”, “.psd”, “.asp”, “.phtml”, “.aspx”, “.csv”

As with its Windows cousin CryptoWall, any directory that has been encrypted, or that contains at least one encrypted file, will have a file titled README_FOR_DECRYPT.txt containing a ransom demand. It has been reported that, even though the virus primarily targets business environments, the ransomware only asks for 1 Bitcoin, a fairly low amount compared to other ransomware. At the time of this post, 1 Bitcoin is worth approximately $325.
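Because the ransom note marks every affected directory, its presence can be used to scope an incident. The following is an added example, not code from Bitdefender or from the original post: a triage script that walks the directories listed above, records each directory holding README_FOR_DECRYPT.txt, and orders them by the note's modification time. It assumes the note's mtime has not been altered since it was written; the function names are hypothetical.

```python
import os
from collections import Counter
from datetime import datetime, timezone

# Indicators as listed in the article above.
NOTE_NAME = "README_FOR_DECRYPT.txt"
TARGET_ROOTS = ["/home", "/root", "/var/lib/mysql", "/var/www",
                "/etc/nginx", "/etc/apache2", "/var/log"]


def find_affected_dirs(roots=TARGET_ROOTS, note_name=NOTE_NAME):
    """Return (root, directory, note_mtime) for every directory that
    holds a ransom note, sorted oldest note first."""
    hits = []
    for root in roots:
        # os.walk does not follow symlinks by default; missing or
        # unreadable directories are skipped through onerror.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            if note_name not in files:
                continue
            try:
                mtime = os.lstat(os.path.join(dirpath, note_name)).st_mtime
            except OSError:
                continue  # note vanished or cannot be stat'ed
            hits.append((root, dirpath, mtime))
    # Assumption: the note's mtime approximates when the directory was hit.
    return sorted(hits, key=lambda hit: hit[2])


def count_by_root(hits):
    """Count affected directories under each scanned root."""
    return dict(Counter(root for root, _dir, _mtime in hits))


if __name__ == "__main__":
    found = find_affected_dirs()
    for _root, path, mtime in found:
        stamp = datetime.fromtimestamp(mtime, tz=timezone.utc).isoformat()
        print(f"{stamp}  {path}")
    print(count_by_root(found) or "no ransom notes found in the listed directories")
```

Run it with enough privilege to read all listed directories; a directory that cannot be read is silently skipped and will not appear in the output.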

Thankfully Linux.Encoder.1 is not as sophisticated as its Windows counterpart. Researchers at Bitdefender discovered a critical flaw in how the ransomware creates its encryption key while performing tests in their lab and have already released a free tool that will automatically decrypt any files on a victim’s system that were targeted.

Even though a flaw was discovered within Linux.Encoder.1, the next variant of it will most likely be patched and encrypted files will not be as easily recovered. With this in mind, powersolution.com recommends that any organization running Linux machines install a security product, roll out patches and updates as soon as they become available, and keep regular backups of their data just in case they should find themselves a victim of ransomware like Linux.Encoder.1.
