Brazil's Supreme Court closed by ransomware, the first major Windows ransomware ported to Linux



On November 3, 2020, the Brazilian Supreme Court suspended operations for a week following a massive cyberattack. Security researchers have found that the cyberattack used the ransomware RansomEXX, and it is reported to be the first time that a major ransomware family rampant on Windows has targeted Linux.

STJ
https://www.stj.jus.br/

RansomEXX Trojan attacks Linux systems | Securelist
https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/

Warning: Major Windows Ransomware Gang Makes Its Way to Linux | Tech Times
https://www.techtimes.com/articles/253946/20201106/warning-major-windows-ransomware-gang-makes-way-linux.htm

The Supreme Court of Justice (STJ), the highest court in Brazil that does not deal with constitutional issues, announced on November 4th that it was suspending business because its judicial systems had been found to be infected with a virus on the previous day, the 3rd. As a result, it has been decided that STJ's operations will be suspended for a week, from November 3rd to 9th.



STJ Secretary Humberto Martins said in a statement yesterday that 'the cyberattack is blocking access to data through encryption, but thanks to backups, data related to ongoing statutory procedures was not affected.' However, US news site ZDNet reported on November 6 that the data encryption extends to backups, and that the case is being called 'the worst cybersecurity incident in Brazil's history.'

Security company Kaspersky, which was analyzing the matter, released a report on November 6 stating that 'RansomEXX for Linux was used for cyber attacks on STJ.'

Below is a screenshot of the RansomEXX code used to attack STJ (left) and the RansomEXX code used to attack the Texas Department of Transportation (right). Kaspersky security researchers pointed out that the layout of the code in the two ransomware samples and the procedure for encrypting files are very similar: 'The similarity is very obvious despite being built on different compilers and different platforms.'



According to a report by Kaspersky security researchers Fedor Sinitsyn and Vladimir Kuskov, RansomEXX has been rampant since early 2020, and the Texas Department of Transportation and electrical equipment maker Konica Minolta are said to have been targeted by it.

RansomEXX has also been identified as damaging a wide variety of organizations and companies, including laser weapons maker IPG Photonics and major American software maker Tyler Technologies specializing in the public sector.

'Kaspersky's report reveals that the Linux version of RansomEXX is the first major Windows ransomware ported to Linux,' reported Tech Times, a tech news site that covered the issue.

According to Tech Times, RansomEXX targets government organizations and large corporations one after another in pursuit of large ransoms, so security researchers call it a 'big-game hunter' and 'human-operated ransomware'.

On the fact that ransomware which previously targeted servers running Windows has now targeted Linux, Tech Times said: 'Many companies actually run their internal systems directly on Linux instead of Windows Server. Therefore, the movement of RansomEXX could soon become a trend that dominates the industry.'

in Security, Posted by log1l_ks