Results 1 to 5 of 5

Thread: Erebus Resurfaces as Linux Ransomware

  1. #1
    Join Date
    Oct 2009
    Location
    apt-get
    Beans
    4,279
    Distro
    Xubuntu 16.04 Xenial Xerus

    Erebus Resurfaces as Linux Ransomware

    Hi,

    The other day, there was yet another debate on LinkedIn about Microsoft Windows vs GNU/Linux. Today, someone posted this:

    http://blog.trendmicro.com/trendlabs...ux-ransomware/

    On June 10, South Korean web hosting company NAYANA was hit by Erebus ransomware (detected by Trend Micro as RANSOM_ELFEREBUS.A), infecting 153 Linux servers and over 3,400 business websites the company hosts.
    My question to our Ubuntu and/or GNU/Linux Security Masters and Gurus, is this true?

    I know there is NO 100% secure system on earth as of this very moment but can GNU/Linux resist this nasty virus and/or other viruses?!

    Are these statements true:

    This is a message to companies and security professionals that no system is immune to attacks by default, and to beginners those were bragging about how Linux is powerful compared to windows when it comes to viruses...well, here you go!
    To Linux lovers, no one is safe anymore, you should rethink your server security seriously and deploy server security ASAP!
    Thanks in advance

  2. #2
    Join Date
    Jul 2013
    Beans
    6

    Re: Erebus Resurfaces as Linux Ransomware

    I would say that since Trend Micro put info on their blog, then there is some weight to the story. But, reading the blog, I see a couple of interesting points. This paragraph from the blog points out the fact that the alleged infected servers are old and/or haven't been updated in years.
    Possible Arrival Vector
    As for how this Linux ransomware arrives, we can only infer that Erebus may have possibly leveraged vulnerabilities or a local Linux exploit. For instance, based on open-source intelligence, NAYANA’s website runs on Linux kernel 2.6.24.2, which was compiled back in 2008. Security flaws like DIRTY COW that can provide attackers root access to vulnerable Linux systems are just some of the threats it may have been exposed to.

    Additionally, NAYANA’s website uses Apache version 1.3.36 and PHP version 5.1.4, both of which were released back in 2006. Apache vulnerabilities and PHP exploits are well-known; in fact, there was even a tool sold in the Chinese underground expressly for exploiting Apache Struts. The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack.
    If I stopped reading after that paragraph I would already feel 99% more secure with my fully updated and maintained 2016-2017 vintage Linux installs.

    This being said, I would also not necessarily be complacent with my systems. Unfortunately we always need to be on guard with our Internet connected devices.
    Last edited by gjohnz; July 8th, 2017 at 11:41 AM.

  3. #3
    Join Date
    Oct 2009
    Location
    apt-get
    Beans
    4,279
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: Erebus Resurfaces as Linux Ransomware


  4. #4
    Join Date
    Sep 2007
    Beans
    295

    Re: Erebus Resurfaces as Linux Ransomware

    Just read through this thread. It appears that a South Korean company paid 1M dollars in ransom because of Erebus. Have we patched Erebus in ubuntu? How safe are we?

  5. #5
    Join Date
    Oct 2005
    Location
    Al Ain
    Beans
    9,767

    Re: Erebus Resurfaces as Linux Ransomware

    It seems to work only on a specific version of some long obsolete server from ten years ago.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •