I don’t think any Linux distro comes with virus protection, though Ubuntu 20.04 LTS has been working with Microsoft to improve security on their Linux OSes. Looks like European educational institutions are a major target of these hackers … lots of Linux computers there.
- Consulting giant KPMG’s incident response unit was called in to run the recovery effort at an unnamed European educational institute hit by a ransomware attack.
- BlackBerry’s researchers said that a hacker broke into the institute’s network using a remote desktop server connected to the internet, and deployed a persistent backdoor in order to gain easy access to the network after they leave.
- The researchers said it was the first time they’ve seen a ransomware module compiled into a Java image file format, or JIMAGE. These files contain all the components needed for the code to run — a bit like a Java application — but are rarely scanned by anti-malware engines and can go largely undetected.
- The researchers said the module had code that allows the ransomware to run on both Windows and Linux computers.
- BlackBerry’s Eric Milam and Claudiu Teodorescu told TechCrunch that they have observed about a dozen “highly targeted” Tycoon infections in the past six months, suggesting the hackers carefully select their victims, including educational institutions and software houses.
Researchers said the number of infections is probably much higher than what they have found so far … and in a large institution they can easily go unnoticed. They also mention “software houses” but give no details on whom.
I’ll add this to my *Linux Security Issues* page…
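Since the report says JIMAGE files are rarely scanned, a responder can at least inventory them. The following is an added example, not code from this post or from BlackBerry: it walks a directory tree, finds files that start with the JIMAGE magic, and hashes them for comparison with the runtime builds you expect to have installed. Assumptions: the magic value `0xCAFEDADA` and the major/minor version layout follow the OpenJDK jimage header format, and the function names are hypothetical.

```python
import hashlib
import os
import struct
import tempfile

JIMAGE_MAGIC = 0xCAFEDADA  # OpenJDK jimage magic; stored in the build host's byte order


def jimage_header(data):
    """Return (byte_order, major, minor) if data starts with a JIMAGE header, else None."""
    if len(data) < 8:
        return None
    for fmt, name in (("<II", "little"), (">II", "big")):
        magic, version = struct.unpack(fmt, data[:8])
        if magic == JIMAGE_MAGIC:
            # Assumption: version word = major in the high 16 bits, minor in the low 16.
            return name, version >> 16, version & 0xFFFF
    return None


def find_jimages(root):
    """Walk root; return (path, header, sha256) for every file with the JIMAGE magic."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    header = jimage_header(fh.read(8))
                    if header is None:
                        continue
                    fh.seek(0)
                    digest = hashlib.sha256()
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
            except OSError:
                continue  # unreadable or special file: skip it
            hits.append((path, header, digest.hexdigest()))
    return hits


def demo():
    samples = {"modules": struct.pack("<II", JIMAGE_MAGIC, 1 << 16),  # constructed bytes
               "notes.txt": b"plain text, no magic"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return sorted(os.path.basename(p) for p, _h, _d in find_jimages(root))
```

A hit is not malicious in itself, since every modular Java runtime ships one of these files; what matters is a hash that does not match the vendor build you installed.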