Magento CMS users, beware of Linux ransomware!

Ransomware encrypts the data on your system and demands payment to decrypt it. It has been around for a while now, but attacks on Linux haven’t been heard of. It seems that we have now encountered the first registered ransomware attacking Linux systems (codenamed Linux.Encoder.1).

Linux is not directly responsible for the vulnerability. Magento CMS, a popular CMS solution, has a vulnerability which lets attackers get access to the filesystem and the users’ home directories. As you can guess, web-facing servers are vulnerable to this attack. The Trojan encrypts files with AES keys and stores them with a .encrypted extension. A text file (README_FOR_DECRYPT.txt) with the demand and instructions is left on the disk. Payment is demanded in Bitcoins.
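A read-only sweep of a web root for the two on-disk artifacts named above (the .encrypted suffix and README_FOR_DECRYPT.txt), added here as an example and not taken from the original post or from any vendor tool. The function names and the /var/www path are hypothetical.

```shell
#!/bin/sh
# Read-only sweep for the two artifacts the post names. A bare ".encrypted"
# suffix can be benign; a ransom note in the same tree is the stronger signal.
NOTE_NAME='README_FOR_DECRYPT.txt'   # from the post
ENC_SUFFIX='.encrypted'              # from the post

# count_matching ROOT PATTERN: number of regular files under ROOT whose name
# matches PATTERN. Emits one dot per file so odd filenames cannot skew wc.
count_matching() {
    find "$1" -xdev -type f -name "$2" \
        -exec sh -c 'for f; do printf .; done' sh {} + 2>/dev/null |
        wc -c | tr -d ' '
}

count_encrypted() { count_matching "$1" "*${ENC_SUFFIX}"; }
count_notes()     { count_matching "$1" "$NOTE_NAME"; }

# scan_encoder_artifacts ROOT: print a summary.
# Returns 0 = nothing found, 1 = artifacts present, 2 = ROOT is not a directory.
scan_encoder_artifacts() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    enc=$(count_encrypted "$root")
    notes=$(count_notes "$root")
    echo "root=$root encrypted_files=$enc ransom_notes=$notes"
    if [ "$notes" -gt 0 ]; then
        echo "directories containing $NOTE_NAME:"
        find "$root" -xdev -type f -name "$NOTE_NAME" -exec dirname {} \; |
            sort -u | sed 's/^/  /'
    fi
    [ "$enc" -eq 0 ] && [ "$notes" -eq 0 ]
}

# Stand-alone use: sh scan.sh /var/www   (path is an example, not from the post)
if [ "$#" -gt 0 ]; then
    scan_encoder_artifacts "$1"
fi
```

The non-zero exit status on a hit makes the script usable from cron or a monitoring check without parsing its output.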

Magento released a patch on 31 Oct to address this problem.

Affected parties now have a tool to decrypt their files, thanks to Bitdefender Labs.
