Researchers discovered a new Hive ransomware variant that encrypts Linux and FreeBSD. An earlier analysis of the Windows variant had strong indicators that that the group may be able to infect other operating systems. The latest research now confirms those suspicions. “Just like the Windows version, these variants are written in #Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate,” ESET Research Labs stated. Currently, the Linux variant appears to still be under development and not yet fully featured.
The research demonstrates that threat actors are evolving as organizations rapidly migrate to cloud environments, many of which run on Linux. Additionally, virtual machines such as VMware ESXi are targeted, which is a popular enterprise virtual machine platform. By targeting virtual machines, the operators can encrypt multiple servers at once with a single command. However, as most organizations continue to use Windows, it remains to be the attack vector of choice.
Linux x86-64 ELF : 77D7614156607B68265B122FB35A1D408625CB96
FreeBSD x86-64 ELF: 10BD0F1D3122D6575E882BA8F025EB11B0A95B61
Ransomware gangs will continue seeking new market opportunities as organizations grow and shift. As a first line of defense, all systems should be well managed and maintained.
Additional prevention measures include:
* Update software regularly.
* Remove single points of failure by backing up critical data and diversifying the storage media.
* Assign least privileges needed for users.
* Use network segmentation.
* Adopt a strong password policy.