New Linux Ransomware gets beaten by Bitdefender

Bitdefender is the first IT security solutions provider that provides users a set of tools for decrypting files affected by ransomware virus running on Linux, designed to restore compromised files to the original version.

Software dangerous was identified for the first time last week and shall cover the workstations of system administrators in companies.

The virus called Linux.Encoder.1 first ransomware targeting Linux operating system has a behavior similar to CryptoWall, TorLocker other families operating on Windows.

Bitdefender Toolkit is provided by parsing code encryption and decryption operation running, followed by repair. If the operating system starts to attack compromised boot, download and run the script from here.

How the first Linux ransomware works:

As the mode of action of Windows, Linux.Encoder.1 uses a symmetric encryption algorithm (AES), which provides enough power and speed and keep to a minimum the resources consumed. The key is then encrypted with a symmetric asymmetric encryption algorithms (RSA) and added to the top, along with initialization vector used by AES.


Once the files have been encrypted, the Trojan tries to encrypt the file contents root (/), avoiding only critical system files, because the operating system is able to boot again. At that time, users have to pay a fee to take possession RSA code that decrypts on the AES. However, a weakness in how the virus was programmed Bitdefender allowed researchers to extract AES code without having to decrypt using RSA code.

Bitdefender’s security experts advise users to keep in mind some tips to reduce the risk of infection with ransomware:

  • Do not run applications that inspires confidence low. They may pose a security risk could compromise data integrity huge on your terminal

  • Make sure the back-up data from the terminal, in the cloud or on an external device.

  • If the device running a Linux operating system belongs to the company, install a security solution such as Bitdefender Gravity Zone. A blocking antimalware solution such threats before they succeed irreversibly encrypt files.

Be the first to comment

Leave a Reply