Researchers at Emsisoft and Kaspersky have documented a new ransomware strain called RansomEXX, which has been creating a new trend in the community. The groups seem to be making a Linux variant of its ransomware malware, directed at core infrastructure components like the servers rather than compromising the workstations.
Targeting Servers Rather Than Workstations
It’s common that Ransomware groups, just like any other, shift to new strategies to make their work successful. Since last year, they have adapted to a double extortion strategy after being started by the Maze group to steal sensitive data before encrypting the systems to threaten them into paying the ransom.
While this worked till today, some companies aren’t bothering and are now either backing up or remedying the attacked situations anyway. Thus, a relatively new ransomware group has now developed a new plan to force than even deeper. Named RansomEXX, researchers link this group to many cyberattacks till now.
Started in June this year, it’s responsible for Tyler Technologies, Montreal’s public transportation system, Texas Department of Transportation, Brazil’s court system, and Konica Minolta. They call this group a “human-operated ransomware” or the “big-game hunter” since they targeted specifically and with more concentration.
Since they knew victims can cope with comprised workstations but can’t live without accessing their data, RansomEXX has started targeting such core components that show the real effect. As it’s observed that companies store their sensitive data in servers, which run on Linux rather than Windows server OS these days, RansomEXX has made a Linux malware to hit them.
This isn’t new; it’s just the Linux variant of its existing Windows malware and made because companies rectify the compromised workstations in tough times but give up when the core data serving servers are compromised. Watching them, another ransomware group named Mespinoza (Pysa) has made a Linux variant malware too. You can learn more about RansomEXX here.