There’s a new crypto-ransom scheme currently in the wild targeting Linux-based systems. It’s called “Linux.Encoder.1” by the folks at Dr.Web. Basically, instead of setting up phishing sites or exploit kit redirects on vulnerable web-servers, the Linux.Encoder.1 extortionists are targeting the web-server owners directly by encrypting their content.
As a consequence, Google is indexing numerous victims.
Here’s a copy of the extortion note via Google’s cache.
“Can I pay another currency?”
So, hopefully victims of Linux.Encoder.1 have backups… or else they’ll be forced to acquire a Bitcoin. No word yet on whether or not the extortionists will honor payment with an actual decryption key. And their Tor hidden service is currently offline. Which is less than promising.
Edited To Add:
Daavid Hentunen, a researcher on our Threat Intelligence team, estimates the extortionists have made €11934 in 1 month.