Home Security Linux Variant of Clop Ransomware Noticed, However Makes use of Defective Encryption Algorithm

Linux Variant of Clop Ransomware Noticed, However Makes use of Defective Encryption Algorithm

by crpt os


Feb 07, 2023Ravie LakshmananEncryption / Linux

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process.

“The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom,” SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News.

The cybersecurity firm, which has made available a decryptor, said it observed the ELF version on December 26, 2022, while also noting its similarities to the Windows flavor when it comes using the same encryption method.

The detected sample is said to be part of a larger attack targeting educational institutions in Colombia, including La Salle University, around the same time. The university was added to the criminal group’s leak site in early January 2023, per FalconFeedsio.

Known to have been active since 2019, the Clop (stylized as Cl0p) ransomware operation suffered a major blow in June 2021 when six individuals affiliated with the gang were arrested following an international law enforcement operation codenamed Operation Cyclone.

But the cybercrime group staged an “explosive and unexpected” comeback in early 2022, claiming dozens of victims spanning industrial and tech verticals.

SentinelOne characterized the Linux version as an early-stage version owing to the fact that some functions that are present in its Windows counterpart are missing.

This lack of feature parity is also explained by the fact that the malware authors have opted to build a custom Linux payload rather than simply porting over the Windows version, suggesting that future variants of Clop could close those gaps.

“A reason for this could be that the threat actor has not needed to dedicate time and resources to improve obfuscation or evasiveness due to the fact that it is currently undetected by all 64 security engines on VirusTotal,” Terefos explained.

The Linux version is designed to single out specific folders and file types for encryption, with the ransomware containing a hard-coded master key that can be utilized to recover the original files without making a payment to the threat actors.

If anything, the development points to a growing trend of threat actors increasingly venturing beyond Windows to target other platforms.

“While the Linux-flavored variation of Cl0p is, at this time, in its infancy, its development and the almost ubiquitous use of Linux in servers and cloud workloads suggests that defenders should expect to see more Linux-targeted ransomware campaigns going forward,” Terefos said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex