Lilu / Lilocked Ransomware Attacks

Posted by Jay Bartlett September 10, 2019 8:41 am Categories: Cyber Security Tags: Chris Gerritz, Infocyte, Lilocked, Lilu, Linux servers.

Lilu (also known as Lilocked), a new strain of ransomware, has now infected thousands of Linux servers since mid-July.

Chris Gerritz, the co-founder of Infocyte, a pioneer in proactive threat detection and incident response, is available to comment on these attacks. Chris, the U.S. Air Force CERT’s former chief of defensive counter-cyber operations, notes:

“The ransomware itself is not different from other versions of ransomware like Ryuk except that it targets Linux-based servers and locks files with the lilocked extension (hence the name). The 6,000 servers reported as affected were reported by Google simply because Google had indexed .lilocked files on 6,000 public web servers. As a result, it is assumed there are many more affecting and being affected.

The entry vector is still unconfirmed but there are several severe vulnerabilities that were reported recently in the sub-components of all these web servers. In particular, a vulnerability in the Exim Email Transfer Agent used by 57% of all websites (over 519K web servers). Such vulnerability was found earlier this year and used by hackers nearly immediately. This latest one: CVE-2019-15846 reported on September 2, 2019, allows a remote attacker to execute programs (like Lilocked ransomware) with root privileges.
- “If your Exim server accepts TLS connections, it is vulnerable” – CVE-2019-15846 (2019-09-02)https://exim.org/static/doc/security/CVE-2019-15846.txt
- “Just three months ago, Exim also patched a severe remote command execution vulnerability, tracked as CVE-2019-10149, that was actively exploited in the wild by various groups of hackers to compromise vulnerable servers.” –https://thehackernews.com/2019/09/exim-email-server-vulnerability.html

Even though a patch has been made available, we will see many more compromises like this using this vulnerability. Because the vulnerability allows any arbitrary program to be run by a hacker, web server admins should inspect their servers for backdoors as well which won’t be as visible as this ransomware.

Source: infocyte.com

0 Comments

How An Innovative Control Room Can Help Secure The Budding Cannabis Market

It’s no secret that the cannabis industry is growing. Numerous states across the United States, from California to Maine, have legalized recreational cannabis, with 33 total states allowing cannabis for medicinal uses. And it’s not just the United States that’s seeing this trend: Canada’s official legalization of recreational cannabis took effect last October. This growth is leading to incredible opportunities in the industry, with the global market valued at $10.3 billion in 2018 and projected to reach $39.4 billion by 2023. This market opportunity expands far beyond the companies that directly deal with the cannabis plant, with numerous adjacent businesses on track to experience benefits.