The new ransomware variant called Lilocked has been
infecting thousands of servers and encrypting their files while demanding a ransom. A curious fact about
this type of ransomware is that it only seems to attack Linux-based systems.
Currently, The method used by Lilocked
to breach the security of the servers and encrypt their content is unknown. Some experts have suggested
the theory that it could be taking advantage of the outdated software running on these systems to infect them.
Once a server is infected by this ransomware it is easy
to detect, since the files are encrypted with the extension '.lilocked' and
each folder includes a copy of a ransom note. Una
once users open the note, son redirigidos a un portal de la de DeepWeb donde se les muestra un mensaje para pagar 0.03 Bitcoins en su rescate (some 250 Euros).
Lilocked no cifra archivos de sistema, por lo que los
servidores continúan funcionando con normalidad. Lo que cifra es un subconjunto de extensiones
tipo HTML, SHTML, JS, CSS, PHP, INI, etc.
Debido a que aún se desconoce el método utilizado para infectar
los servidores, no se puede proporcionar una solución concreta al problema, but
la recomendación genérica es que los servidores tengan contraseñas extensas y
robustas, así como mantener las aplicaciones
actualizadas.