Cybercriminals Evolve: Linux Systems Face Growing Ransomware Threat

The latest research by Check Point has unveiled significant shifts in the cyber threat landscape, where experts have observed a marked increase in ransomware attacks targeting Linux systems, particularly ESXi, compared to the traditionally more vulnerable Windows systems.

Historically, ransomware attacks have primarily targeted Windows. The very first case of a ransomware attack, dating back to 1989, exclusively targeted computers running the earliest versions of Windows.

It was not until 2015, with the emergence of Linux.Encoder.1, that ransomware targeting Linux began to actively proliferate. Since 2020, there has been a notable increase in such attacks.

Check Point’s analysis encompasses 12 major families of ransomware capable of attacking both Linux and Windows systems. A notable characteristic of ransomware targeting Linux is their relative simplicity compared to their Windows counterparts. Many of these threats utilize the OpenSSL library with encryption algorithms ChaCha20/RSA and AES/RSA.

Check Point’s study reveals that ransomware targeting Linux often simplifies its functionality to basic encryption, making it challenging to detect. Special attention is given to attacks on ESXi systems and the identification of vulnerabilities in open services as primary entry points.

Linux-targeted ransomware primarily focuses on servers within large and medium organizations, in contrast to the more universal threats to Windows, capable of attacking virtually every workstation. This indicates the deliberate and complex nature of such attacks.

In comparing encryption techniques, Check Point identified a preference for OpenSSL in Linux-targeted ransomware, with AES and RSA as the primary algorithms.

Thus, the rise in ransomware attacks on Linux systems, as demonstrated by Check Point’s research, serves as a stark reminder of the ever-evolving cyber threat landscape. This underscores the need to strengthen the protection of Linux servers and systems in organizations, along with continuous monitoring and updating of security measures, to combat the growing threat of ransomware and other attacks on this platform.