LiLocked Ransomware Currently Encrypting Thousands of Servers
CYBER NEWS

LiLocked Ransomware Currently Encrypting Thousands of Servers

LiLocked ransomware, also known as LiLu, is once again active in campaigns, this time affecting thousands of web servers. This is a new strain of the LiLocked ransomware which we wrote about in July this year.




LiLocked Ransomware Currently Targeting Linux-Based Systems

According to security researchers, the ransomware is currently targeting only Linux-based systems but the method of infection is still unknown. According to information spotted on a Russian forum, the ransomware operators could be targeting systems running outdated Exim software.

In fact, Exim vulnerabilities are often targeted by attackers, as evident by several recent cases. One such attack attempted to infect targeted Exim servers with the so-called Watchbog Linux Trojan. Infected hosts became part of a botnet which was mining for Monero cryptocurrency.

As for the current case, it is highly possible the ransomware manages to get root access to infected servers. Infected servers have their files encrypted, and have the .lilocked file extension. It is important to note that the ransomware does not encrypt system files. Instead, it encrypts HTML, SHTML, JS, CSS, PHP, INI files, as well as and several image file formats. This fact means that the compromised servers continue to run normally.

There may be more than 6,700 servers encrypted by LiLocked, according to security researcher known as Benkow on Twitter. The actual number of infected hosts is most likely much bigger.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...