Poorly secured or vulnerable Linux web servers have always been valuable resources to attackers because of their versatility in hosting or distributing threats.
Security firms Dr.Web and Bitdefender have identified three different versions of the Linux server ransomware, one dating back to August.
We stumbled upon a possible new variant, spotted as early as November 21st. It went through several iterations, starting with a low $50 Bitcoin ransom that changed to $100, $200, $300, $400, $500, all the way up to $999.
In one particular instance, the author left an additional message in Russian:
The text roughly translates to: “If your site is in a zone of Russia and the CIS, we are willing to apologize and decrypt files for free. Also, just drop us an email”.
Attacks against websites are almost always automated, and it looks like the author behind this is giving a free pass to fellow citizens who may “inadvertently” get their sites encrypted.
We will update this post if we come across additional information about this threat.