I am not very familiar with Clop ransomware but I have heard of it. I was just shocked to hear about it being found on Linux. I know it is possible and there have been viruses and such, but it seems so rare that I never consider it being an issue on Linux.
The Linux version is designed to single out specific folders and file types for encryption, with the ransomware containing a hard-coded master key that can be utilized to recover the original files without making a payment to the threat actors.
It seems we should all be aware of this and keep an eye on it as things are suggesting it will only keep happening and improve with time.
You can read more about it on Hacker News.
The targeted people were able to recover their files at least because the people that made it messed up. I know on Windows it is one of the worst ransomwares to deal with. I would guess this was not the first attempt on Linux and as you said, won’t be the last. I think this serves as a lesson to anyone working with encryption at the very least.
Well, the good thing about Linux is that it is open source and there will always be people with their eyes out for stuff like this and will quickly remedy it. It is still something to be aware of as a lot of people get Linux and assume there is no virus threat whatsoever. It is just far less likely but there is still a chance.
It figures: as people realize Linux is everywhere, they are going to start targeting it more. Hopefully Linux won’t become so “standardized” like Windows so not every distro puts things in the same place. Then if/when that happens WATCH OUT!
I am not too worried about people making these, I am more concerned with users that don’t have enough experience to get caught up in the middle. A majority of Windows users that end up with ransomware are either very phone oriented users (younger adults and teens) or older adults that only have basic computer knowledge and safety.
I wonder how this would affect the containerized operating systems, I believe Fedora Silverblue is one of those but I may be mistaken.
This is also a good reason to use Flatpaks and Snaps (I guess), I think the way they are set up makes it much more difficult for malware, assuming you don’t allow all permissions.
I was hoping to learn what user behavior allowed their machine to catch Clop, but the article didn’t say (or I missed it). Anyone know?