As for how this Linux ransomware arrives, we can only infer that Erebus may have leveraged vulnerabilities or a local Linux exploit. For instance, based on open-source intelligence, NAYANA’s website runs on Linux kernel 2. 2, which was compiled back in 2008.
Additionally, NAYANA’s website uses Apache version 1. 4, both of which were released back in 2006. It’s worth noting that this ransomware is limited in terms of coverage, and is, in fact, heavily concentrated in South Korea. These submissions can also indicate they were from other security researchers.
The file is first scrambled with RC4 encryption in 500 kB blocks with randomly generated keys. The RC4 key is then encoded with the AES encryption algorithm and stored in the file. The AES key is in turn encrypted using the RSA-2048 algorithm, and the result is also stored in the file. While each encrypted file has its own RC4 and AES keys, the RSA-2048 public key is shared. These RSA-2048 keys are generated locally, but the private key is encrypted using AES encryption and another randomly generated key. Ongoing analysis indicates that decryption is not possible without getting hold of the RSA keys.
Office documents, databases, archives, and multimedia files are the usual file types targeted by ransomware. It’s the same for this version of Erebus, which encrypts 433 file types. Here is a table that shows the directories and system tablespaces that Erebus searches. Given the risks to business operations, reputation, and bottom line, enterprises need to be proactive in keeping threats like ransomware at bay.
We will update this post as more information from our analysis of this Linux ransomware becomes available.
Thinking Outside the Box: A Misguided Idea
The truth behind the universal, but flawed, catchphrase for creativity.
Although studying creativity is considered a legitimate scientific discipline nowadays, it is still a very young one. If you have tried solving this puzzle, you can confirm that your first attempts usually involve sketching lines inside the imaginary square. The correct solution, however, requires you to draw lines that extend beyond the area defined by the dots.
The symmetry, the beautiful simplicity of the solution, and the fact that 80 percent of the participants were effectively blinded by the boundaries of the square led Guilford and the readers of his books to leap to the sweeping conclusion that creativity requires you to go outside the box. Overnight, it seemed that creativity gurus everywhere were teaching managers how to think outside the box. Management consultants in the 1970s and 1980s even used this puzzle when making sales pitches to prospective clients. Because the solution is, in hindsight, deceptively simple, clients tended to admit they should have thought of it themselves. There seemed to be no end to the insights that could be offered under the banner of thinking outside the box.
Indeed, the concept enjoyed such strong popularity and intuitive appeal that no one bothered to check the facts. No one, that is, before two different research teams—Clarke Burnham with Kenneth Davis, and Joseph Alba with Robert Weisberg—ran another experiment using the same puzzle but a different research procedure. Both teams followed the same protocol of dividing participants into two groups. The first group was given the same instructions as the participants in Guilford’s experiment.
The second group was told that the solution required the lines to be drawn outside the imaginary box bordering the dot array. Would you like to guess the percentage of the participants in the second group who solved the puzzle correctly? What’s more, in statistical terms, this 5 percent improvement over the subjects of Guilford’s original study is insignificant. Let’s look a little more closely at these surprising results. Solving this problem requires people to literally think outside the box. Yet participants’ performance was not improved even when they were given specific instructions to do so.