Erebus Ransomware Targets Linux Servers

by CIRT Team

The IT security researchers at Trend Micro recently discovered malware that has the potential to infect Linux-based servers. The malware, called Erebus, has been responsible for hijacking 153 Linux-based networks of a South Korean web-hosting company called NAYANA.

Erebus has reached new heights by having the ability to bypass not only UAC but also affect entire networks that run on Linux. Given that most organizations today use Linux for their networks. According to Trend Micro, the most recent version of Erebus uses RSA algorithm to alter the AES keys in Windows and change the encryption key as such. This version can affect a total of 433 file types including databases, archives, office documents, email files, web-based files and multimedia files.

Best practices for securing Linux servers and systems :

• Back up files.
• Keep the system and server updated.
• Avoid or minimize adding third-party or unknown repositories or packages.
• Apply the principle of least privilege.
• Proactively monitor and validate your network traffic.
• Apply network segmentation and data categorization.

Reference URL:

• https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/erebus-linux-ransomware-impact-to-servers-and-countermeasures
• http://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-linux-ransomware/

CIRT Team