Thousands Of Linux Servers Has Been Infected By a New Lilu Ransomware

by
Thousands Of Linux Servers Has Been Infected By a New Lilu Ransomware

A new ransomware named Lilu or Lilocked has infected thousands of Linux web servers making their files encrypted. The ransomware started infecting the web servers back in mid- July and has reached its peak in the last two weeks.

This ransomware attack came to the limelight when some users uploaded the Lilocked ransom note or demand on ID Ransomware. For your knowledge ID Ransomware is a website mainly used for identifying the name of the ransomware which infected the victim’s system.

The Lilu ransomware targets the web servers and gains the root access. However, we are still unaware of the mechanism of this ransomware. A Russian speaking forum’s thread says that the attackers are mainly targeting the Linux devices running outdated Exim software. Here, Exim is an email software.

What’s the aim behind this ransomware attack?

The attackers want to make money by infecting the servers files and encrypting them. They are demanding 0.03 Bitcoin or 325 dollars from the victim for decrypting the infected file.

lilocked-files

What actually happening is that when a web server gets attacked, the files stored in the servers are encrypted and includes a “.lilocked” file extension. There is also a note along with the encrypted files which read- “I’ve encrypted all your sensitive data!!! It’s a strong encryption, so don’t be naive to restore it;)”

website to decrypt locked files

You will find a key in the note which you need to enter or paste into the box provided when you visit the link given in the note. This link will take you to a web page on the dark web and when you enter the key here, you will be prompted to make a payment of 0.03 Bitcoin or 325 dollars in the Electrum wallet if you really want to get you all your files decrypted.

lilocked- payment demand

More About The Ransomware Attack

It is to be noted that Lilock ransomware does not infect the system files. But it does affect files with extensions like HTML, SHTML, JS, CSS, PHP, INI, and other image formats. As the system files are not getting affected by the ransomware, the infected Linux systems are running normally.

According to Benkow, a French security researcher more than 6,700 servers have been affected till now and it’s still counting.

  • How to protect your PC from ransomware?
  • WhatsApp Web – how to use WhatsApp Web on PC, tablet and phone and the best tricks
  • A New Android Ransomware Has Been Found By ESET Researchers; Spreads Via SMS
  • How to Use WhatsApp on PC and Laptop For Convenience and Security
  • 10 Best Twitter Apps For Android in 2024
  • WhatsApp Web vs WhatsApp Desktop – Which One Should You Use
  • Free VPN For PS4 in 2024 – Change Your Location Easily
  • Latest way To Find Twitter Username History in 2024
  • Restore your PC after a virus or malware attack
  • 20 Best WhatsApp Themes to customize your chats in 2024
    • author image

    About Author

    Samuel Afolabi is a lazy tech-savvy that loves writing almost all tech-related kinds of stuff. He is the Editor-in-Chief of TechVaz. You can connect with him socially :)

    Leave a Comment

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    TechVaz.com is a professional review site that receives compensation from the companies whose products we review. We test each product thoroughly and give high remarks to only the very best. We are independently owned and the opinions expressed here are our own. We are also a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. See our Affiliate Disclosure page.