
How vulnerable are your Linux machines to a ransomware attack?


Ransomware that targets Linux is likely to become an ever bigger problem. Since the vast majority of ransomware is no longer aimed exclusively at Windows systems, ransomware groups are adding Linux-compatible variants to their arsenals.

Linux is the dominant operating system for servers and network equipment and usually runs critical infrastructure, which makes it an attractive target. It is therefore not surprising that ransomware variants built for Linux machines are appearing. Linux-based ransomware attacks pose a new challenge: cybercriminals are adapting their attacks strategically and looking for new ways in. Linux has caught the attackers' interest precisely because it is not watched as closely as Windows, so security gaps are more easily overlooked.

The growing spread of ransomware that runs on Linux

The number of ransomware families that run on Linux has grown dramatically in recent years. One study found an increase of 75% from the first half of 2021 (1,121 detections) to the first half of 2022 (1,961 detections). According to the 2023 annual report by Recorded Future's Insikt Group, threat actors are targeting Linux systems at an alarming rate.

Between the second half of 2022 and the first half of 2023, references to Linux in the report quadrupled. Most active ransomware still targets Windows, but that is changing over time.

BlackCat was highly active in 2023, attacking among others MGM, NextGen Healthcare, Solar Industries India, Instituto Federal Do Para, Munster Technological University and Lehigh Valley Health Network. In 2024 the group carried out the attack on Change Healthcare, extorting a ransom of 22 million US dollars and leaving a range of healthcare services across the United States unavailable for an extended period.

LockBit, one of the most prolific ransomware families, has in its various forms struck more than 2,000 organizations, including Saint Anthony Children's Hospital, Boeing, the British Royal Mail and the sandwich chain Subway, and has extorted more than 120 million dollars in ransom. The group was taken down by the UK's National Crime Agency (NCA), but it resumed its activities in March 2024 with new capabilities on its darknet website.

Distinctive features of Linux ransomware

Most ransomware programs that run on Linux are ports of attacks originally built for Windows machines. One example is LockBit, active since 2019, which recently added Linux versions of its ransomware variant. Because these programs are usually written in cross-platform languages with good portability, such as Rust and Golang, adapting them to a new operating system is relatively simple.

The first ransomware family aimed mainly at Linux appeared in 2015 with Linux.Encoder.1. The TTPs used on Linux, however, differ from those seen on Windows systems. Often the TTPs used against Linux systems are reduced compared with those used against other systems.

When analyzing ransomware families that target Linux, researchers found that the payloads are generally reduced to a minimum, with little obfuscation of the internal binary data. In some cases the code amounts to little more than the file-encryption routine. The ransomware uses very few configurations, scripts or internal mechanisms to control and carry out its actions. One example is Cl0p, which only has encryption functions and supports a single parameter, a path.


Contents of a file encrypted by iFire

This is how the logic of such ransomware can be recognised. Components that are standard in malware for Windows machines are missing: there is no communication protocol with a server, no commands to prepare the system for encryption and no persistence methods. The minimal code is lean and harder to distinguish from other, legitimate code.
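Because the Linux payload described above does little beyond encrypting whatever lives under the path it is given, the most reliable artefact for a defender is the change in a file listing before and after the run. The following Python is an added example (not code from the original article or from Pentera): it compares two constructed listings, computes per-file byte entropy, and flags the classic pattern in which originals vanish, reappear under a common appended extension with near-8-bit entropy, and a small plain-text note is dropped alongside. The `.locked` extension, the paths and the file contents are constructed sample data.

```python
import math
import random
from collections import Counter
from os.path import commonprefix


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, encrypted or compressed data close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def common_suffix(names) -> str:
    """Longest trailing string shared by all names (the appended ransomware extension)."""
    if len(names) < 2:
        return ""
    return commonprefix([n[::-1] for n in names])[::-1]


def analyze(before: dict, after: dict, threshold: float = 7.0) -> dict:
    """Compare two {path: content} listings taken before and after a suspected payload run."""
    gone = sorted(set(before) - set(after))
    new = set(after) - set(before)
    high_entropy = sorted(n for n in new if shannon_entropy(after[n]) >= threshold)
    low_entropy = sorted(n for n in new if shannon_entropy(after[n]) < threshold)
    suffix = common_suffix(high_entropy)
    # classic pattern: the original vanishes and reappears as <original><suffix> full of ciphertext
    renamed = sorted(n for n in gone if suffix and n + suffix in after)
    return {
        "vanished": gone,
        "high_entropy_new": high_entropy,
        "low_entropy_new": low_entropy,  # candidate ransom notes (small, plain text)
        "suffix": suffix,
        "renamed_pairs": renamed,
        "likely_encryption": len(renamed) >= 2,
    }


# Constructed sample listings (not real captures); seeded pseudo-random bytes stand in for ciphertext.
_rng = random.Random(20240101)
BEFORE = {
    "www/index.php": b"<?php echo 'hello'; ?>\n" * 40,
    "db/orders.sql": b"INSERT INTO orders VALUES (1, 'widget', 9.99);\n" * 40,
    "etc/app.conf": b"listen = 0.0.0.0:8080\nworkers = 4\n" * 40,
}
AFTER = {name + ".locked": bytes(_rng.randrange(256) for _ in range(4096)) for name in BEFORE}
AFTER["RECOVER-FILES.txt"] = b"Your files were encrypted. See instructions.\n"
```

Calling `analyze(BEFORE, AFTER)` reports the three renamed pairs, the `.locked` suffix and the note as the only low-entropy newcomer; run against a real filesystem, the listings would be built from `Path.rglob` snapshots taken by a backup or integrity job.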

How the infection happens

On Linux machines, attackers use different methods and techniques than on Windows or macOS, where phishing or credential stuffing are common. Instead, hackers typically exploit vulnerabilities or misconfigurations in internet-exposed services. The most common infection vector on Linux is the exploitation of an exposed service on a hosted server.

The reason is that Linux machines are generally not used as workstations, where the user is the weakest link. They are usually servers running services that interact with the internet. Once such a server is compromised, it can serve as the entry point for lateral movement from the external network into the internal one.


A file list before and after executing the payload

The kill chain

Persistence plays no major role in ransomware campaigns, unlike in other kinds of threats. Once the data is encrypted and the ransom note is displayed, there is no further need to remain on the system. In practice a financially motivated attacker does not need to keep control of a machine, although some actors may establish themselves elsewhere in the infrastructure and return after it has been rebuilt.

Looking at the techniques involved, the pattern is consistent across the families examined. After compromising the exposed service, the kill chain typically continues with the deployment of a web shell to take control of the server.

Web shells act as backdoors and allow threat actors to reconnect to a compromised server. If a more complex intrusion follows, they often remain in place during the deployment of the ransomware or the exfiltration of data from the server. Attackers can also gain access through a legitimate service such as SSH. Ransomware rarely uses more persistent methods: as a rule the affected server is encrypted and wiped as quickly as possible once the attack itself starts, as seen with LockBit and BlackCat.


The auxiliary parameters used in a BlackCat ransomware attack

Building a Linux kill chain

Whether one looks at ransomware families such as LockBit and BlackCat or at others such as Cl0p and Maori, they generally use the same TTPs, tools and techniques. There are technical variations where a hacker refines stealth and penetration, but the basic steps remain the same. Understanding attacker behaviour makes it easier to anticipate an attack, implement the necessary security measures and prevent a breach.

CTEM (Continuous Threat Exposure Management) tools help security teams identify the ransomware threats their organization faces and prioritize the risks that matter most for its security. By running tests, security teams can emulate a ransomware attack and verify that the fixes they have implemented actually work.

“RansomwareReady” from Pentera is such a solution. It emulates ransomware campaigns safely in production systems. The platform goes beyond vulnerability analysis and emulates attacks by the most common ransomware strains on Windows and Linux, including Maze, REvil, Conti, LockBit 2.0 and LockBit 3.0.

Once on the network, Pentera applies ransomware TTPs to test which security measures hold. The platform's algorithms emulate injection-based scripts, payload exploitation, data encryption and exfiltration to a C2 server.


Attack path for LockBit 3.0

By carrying out these attacks safely, RansomwareReady lets organizations validate their security policies and their detection and response tools.

Security teams can then prioritize remediation of the vulnerabilities found, harden their defences and shorten recovery, so that the organization's exposure to ransomware becomes clear and can be reduced.

Because hackers' palette of TTPs spans diverse endpoints and operating systems, organizations need solutions that cover their infrastructure holistically in order to stop these threats. Defenders can no longer ignore the broader picture, in which ransomware now also targets Linux in day-to-day operations. The wider the scope of protection, the better the operation is defended.

Would you like to learn more about ransomware resilience? Test your Linux systems with Pentera and find out more.

Source: Pentera Blog

