A ransomware encrypts data on your system and asks for payment to decrypt them. They are existing for a while now. However, attacks on Linux haven’t been heard of. It seems that we have encountered the first registered ransomware attacking Linux systems (codenamed Linux.Encoder.1).
Linux is not directly responsible for the vulnerability. Magento CMS which is a popular CMS solution has a vulnerability which let attackers get access to the filesystem and home directory of the users. As you can guess, web facing servers are vulnerable to this attack. Files are encrypted with AES keys and stored with a .encrypted extension by the Trojan. The text file (README_FOR_DECRYPT.txt) with demand and instructions are left on the disk. Payment is demanded in Bitcoins.
Magento released a patch on 31 Oct to address this problem.
Affected parties now have a tool to decrypt the encryption, thanks to Bitdefender Labs.