SentinelLabs – the threat intelligence and malware analysis division of SentinelOne – has found a new type of Clop ransomware for Linux operating systems.
Because this ransomware uses a faulty encryption method, it’s possible to unlock the files without paying the ransom. SentinelLabs has made a free decryptor tool available to unlock these files.
First Linux variant of Cl0p ransomware
SentinelLabs observed the first ELF variant of Cl0p (also known as Clop) ransomware targeting Linux systems on the 26th of December 2022. The new variant is similar to the Windows variant, using the same encryption method and similar process logic, though it contains small differences mostly attributed to OS differences such as API calls. It appears to be in its initial development phases as some functionalities present in the Windows versions do not currently exist in this new Linux version.
The sample appears to be part of a larger attack that possibly occurred around the 24th of December against a university in Colombia. On the 5th of January, the cybercrime group leaked the victim’s data on its onion page.
The ELF executable contains a flawed encryption algorithm, making it possible to decrypt locked files without paying the ransom. SentinelLabs has published a free decryptor for the variant.
Ransomware groups show no signs of slowing down
Over the last twelve months or so, SentinelLabs has continued to observe the increased targeting of multiple platforms by individual ransomware operators or variants. The discovery of an ELF variant of Cl0p adds it to a growing list that includes Hive, Qilin, Snake, Smaug, Qyick and numerous others.
Cl0p operations have shown little, if any, slowdown since the disruption in June 2021. While the Linux-flavoured variation of Cl0p is, at this time, in its infancy, its development and the almost ubiquitous use of Linux in servers and cloud workloads suggest that defenders should expect to see more Linux-targeted ransomware campaigns going forward.
SentinelLabs continues to monitor the activity associated with Cl0p.