{"id":15082,"date":"2023-03-21T09:25:48","date_gmt":"2023-03-21T09:25:48","guid":{"rendered":"https:\/\/education.telefony-taksi.ru\/?p=15082"},"modified":"2023-04-24T17:30:00","modified_gmt":"2023-04-24T17:30:00","slug":"linux-encoder-1-uses-computable-key-bitdefender","status":"publish","type":"post","link":"https:\/\/education.telefony-taksi.ru\/linux-encoder-1-uses-computable-key-bitdefender.html","title":{"rendered":"Linux.Encoder.1 uses computable key – Bitdefender has cracked it"},"content":{"rendered":"
A short time ago, ransomware was discovered that targeted Linux users. The malware has been named Linux.Encoder.1.<\/p>\n
If the malicious code was able to infect a server or computer, various files were encrypted. In exchange for the key, the cyber extortionists demanded a bitcoin.<\/p>\n
However, it must also be said that you can really only get infected through your own fault. An administrator must run the file with root privileges, and only then can Linux.Encoder.1 do its damage.<\/p>\n
Fortunately, there are clever minds not only on the dark side of digital power; the other side has something up its sleeve too. In this case it is Bitdefender Labs.<\/p>\n
The company reports that you don't need to crack RSA if you can guess the key.<\/p>\n
The malware's developers made a mistake, which the experts at Bitdefender noticed when they took a sample of Linux.Encoder.1 under closer scrutiny.<\/p>\n
The AES key is generated locally on the victim's computer. Bitdefender did a bit of reverse engineering on Linux.Encoder.1 and looked at how the key and initialization vector are generated. Instead of using completely random keys and IVs, the malware took this information from the rand() function plus the timestamp of when the file was encrypted. That was already a big piece of the puzzle, because this timestamp can be obtained from the encrypted file. It is quite a design flaw, because you can get the AES key without having to buy the public RSA key.<\/p>\n
Anyone infected by Linux.Encoder.1 can now have their system decrypted automatically, that is, have the files restored to the state they were in before the malicious code encrypted them. The tool determines the IV and the key by simply analyzing the file. If you can start a compromised system, you should download the script and run it as superuser root.<\/p>\n
It may be that the entire system is compromised and simply won't boot up. In this case you have to boot from a live CD.<\/p>\n
Linux.Encoder.1 is beaten with these files<\/p>\n
Bitdefender writes that the task is not necessarily trivial. For this reason, they offer free support for all users who need help in this case. Simply use the comment form on the page.<\/p>\n
Linux.Encoder.1 was the first malware or ransomware of its kind for Linux. The cybercriminals will most likely try this again and will certainly learn from their own mistakes. For the moment, it seems that careless administrators will get off lightly. They should learn from this too and keep backups in the future, and anyone who is going to use software from dubious sources should try it on a test system first.<\/p>\n","protected":false},"excerpt":{"rendered":"
A short time ago, ransomware was discovered that targeted Linux users. The malware has been named Linux.Encoder.1. If […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[135],"tags":[],"yoast_head":"\n