A new version of the Clop ransomware, designed for Linux, has been discovered in the wild. However, the encryption algorithm it uses is flawed, so files can be decrypted without paying the ransom. The ELF executable was first seen on December 26, 2022, and is believed to be part of an attack on educational institutions in Colombia. The Clop ransomware has been active since 2019; six people associated with the group were arrested in June 2021, but the ransomware made a surprise return in early 2022, targeting industrial and tech companies. The Linux version is not as advanced as the Windows version, and is currently not detected by any of the 64 security engines on VirusTotal. Files can be decrypted using a hard-coded master key. This development shows that threat actors are increasingly targeting other platforms, and that Linux-targeted ransomware campaigns are likely to become more common in the future.
This Cyber News was published on thehackernews.com. Publication date: Tue, 07 Feb 2023 13:22:03 +0000