Researchers at Emsisoft and Kaspersky have documented a new ransomware strain called RansomEXX, which has been setting a new trend in the ransomware community. The group behind it seems to be making a Linux variant of its ransomware, directed at core infrastructure components such as servers rather than at workstations.
Targeting Servers Rather Than Workstations
It's common for ransomware groups, just like any other, to shift to new strategies to make their work successful. Since last year, they have adopted the double extortion strategy started by the Maze group: stealing sensitive data before encrypting the systems, to threaten victims into paying the ransom.
While this has worked until now, some companies aren't bothered and now either keep backups or remediate the attack anyway. Thus, a relatively new ransomware group has developed a new plan to pressure them even further. Researchers link this group, named RansomEXX, to many cyberattacks so far.
Having started in June this year, it's responsible for attacks on Tyler Technologies, Montreal's public transportation system, the Texas Department of Transportation, Brazil's court system, and Konica Minolta. Researchers call this group "human-operated ransomware" or a "big-game hunter" since it picks its targets specifically and with more concentration.
Knowing that victims can cope with compromised workstations but can't live without access to their data, RansomEXX has started targeting the core components where an attack has a real effect. Since companies are observed to store their sensitive data on servers, which these days run Linux rather than a Windows server OS, RansomEXX has made Linux malware to hit them.
This isn't new; it's just the Linux variant of the group's existing Windows malware, made because companies recover compromised workstations in tough times but give up when the core servers holding their data are compromised. Watching them, another ransomware group named Mespinoza (Pysa) has made a Linux variant of its malware too. You can learn more about RansomEXX here.