Can ransomware affect Linux-based operating systems?

Ransomware is one of the worst cyber threats out there today. There are several different types of ransomware, but all of them are geared towards hijacking your data in order to make you pay a ransom. This type of malware affects any operating system: although many attacks have targeted Windows, there are also many aimed at infecting Linux-based operating systems, so if you use Linux you are not safe from this threat. If you have already been infected by ransomware, our recommendation is that you try to recover the encrypted files, but you should never pay the cybercriminals' ransom.


Ransomware and the Linux operating system

The Linux operating system has a very low market share on desktops, that is, on the desktop computers and laptops we use regularly, whether for leisure or work. It is found above all on servers, on NAS devices and in the systems that run the "cloud" that processes all the data of users and clients. Cybercriminals know that if they manage to infect a Linux server or NAS, administrators are likely to pay a ransom if they do not have all the data backed up. This makes Linux systems one of the top targets for any cybercriminal, as the loot can be too lucrative to pass up.

In recent years there have been dozens of ransomware families that affect Linux systems. Their main targets are servers and NAS devices: they gain root access by exploiting different vulnerabilities and then encrypt all the data to demand a ransom. For example, there have been ransomware incidents on major NAS brands whose devices were exposed to the Internet; the cybercriminals exploited an unpatched vulnerability in the system and, once inside the operating system as root, they could not only encrypt the data but also delete the snapshots we had taken and even run backup tasks to overwrite the backups we had previously made.

Using antivirus on Linux

Another very important aspect is that Linux malware can target Windows machines as well. Bear in mind that the latest versions of Windows, both Windows 10 and Windows 11, include the Windows Subsystem for Linux (WSL), which lets Linux binaries run natively on the operating system. If we already have it installed and get infected, the ransomware could encrypt all the data on our Windows system. If it is not installed and the attackers exploit a vulnerability to get into the Windows system, they could install WSL manually and then run the ransomware.

Finally, we must also be very aware of attacks specifically targeting Docker and Kubernetes deployments exposed to the Internet. Deployments may be open to the world, and if one container is compromised it could affect the rest of the containers and even the host server's file system; it all depends on how it is configured at the network level and on the volumes or virtual files that we pass to the container.

What can I do to protect my Linux from ransomware?

The first thing you should do is plan your backups properly. You must apply a 3-2-1 backup policy as soon as possible, that is, make three backup copies, in two different places to add data redundancy, with one of the copies offline on a hard drive, that is, not connected to the Internet. Once you have a good backup policy in place, it is very important to check that these backups actually work.
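"Check that the backups work" means restoring them, not just listing the archive. The following script is an added example, not code from the original article: it archives a directory, restores the archive into a scratch directory and compares the result file by file, so a backup is only trusted once a restore has succeeded. It assumes a POSIX shell with tar, gzip, diff and mktemp; the sample data, paths and function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original article: take a backup of a
# directory and prove it restores byte-for-byte before relying on it.
# Assumes a POSIX shell with tar, gzip, diff and mktemp; paths are
# this example's choice.
set -eu

# Constructed sample data so the script runs offline.
make_sample_data() {
    mkdir -p "$1/db" "$1/www"
    printf 'id,name\n1,alice\n2,bob\n' > "$1/db/users.csv"
    printf '<html>hello</html>\n' > "$1/www/index.html"
}

# backup_dir SRC ARCHIVE : archive SRC into ARCHIVE (tar.gz).
backup_dir() {
    tar -C "$(dirname "$1")" -czf "$2" "$(basename "$1")"
}

# verify_backup ARCHIVE SRC : restore ARCHIVE into a scratch directory
# and compare it against SRC. Returns 0 only if the archive extracts
# and every file matches; a restore test, not just a listing, is what
# proves the copy is usable.
verify_backup() {
    archive=$1; src=$2
    scratch=$(mktemp -d)
    status=0
    tar -C "$scratch" -xzf "$archive" || status=1
    if [ "$status" -eq 0 ]; then
        diff -r "$src" "$scratch/$(basename "$src")" >/dev/null || status=1
    fi
    rm -rf "$scratch"
    return "$status"
}

# Demo run on the constructed data when invoked with BACKUP_DEMO=1.
if [ "${BACKUP_DEMO:-0}" = 1 ]; then
    work=$(mktemp -d)
    make_sample_data "$work/data"
    backup_dir "$work/data" "$work/data.tar.gz"
    verify_backup "$work/data.tar.gz" "$work/data" && echo "backup verified"
    rm -rf "$work"
fi
```

Run it with `BACKUP_DEMO=1 sh backup_check.sh`. In a real 3-2-1 setup the verified archive is then copied to the second location and to the offline medium; the verification step belongs in the backup job itself, since a backup that was never restored is exactly the one the article warns the attacker can overwrite without anyone noticing.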

After making sure you have a good backup and restore policy in place, you should follow these recommendations and harden Linux:

  • Do not expose any service to the Internet directly. If it is necessary to expose a service, harden it to mitigate security flaws as much as possible.
  • Configure the firewall correctly. If your business is oriented to Spain, block the rest of the countries.
  • Configure an IDS/IPS to prevent possible intrusions into the system; it is one more layer of security.
  • If you are going to access the system remotely via SSH, it is better to set up a VPN server first and connect to SSH through it, or at least configure SSH as securely as possible.
  • Design a good logging policy and send the logs to a remote server to keep them safe.
  • Enable SELinux or AppArmor to add another layer of security to all processes.
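"Configure SSH as securely as possible" is easy to state and easy to get wrong, because sshd keeps the first value it reads for a directive and anything below a Match block is conditional. The script below is an added example, not code from the original article: it audits an sshd_config against a handful of hardening directives and returns the number of deviations. The directive list, the sample configuration and the function names are this example's choices, not a complete SSH baseline; it assumes a POSIX shell with awk.

```shell
#!/bin/sh
# Added example, not from the original article: audit an sshd_config for a
# few hardening directives. Assumes a POSIX shell with awk; the directive
# list below is this example's choice, not a complete SSH baseline.
set -eu

# Constructed sample of a weak configuration, written to PATH so the
# script can run offline.
write_weak_sample() {
    cat > "$1" <<'EOF'
# constructed sshd_config with unsafe settings
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
EOF
}

# first_value CONFIG KEY : print the first effective value of KEY.
# sshd keeps the FIRST value it reads for a keyword (keywords are
# case-insensitive), and anything after a Match block only applies
# conditionally, so reading stops there.
first_value() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2; exit }
    ' "$1"
}

# audit_sshd CONFIG : print one line per directive that deviates from the
# hardened value; the return code is the number of findings (0 = clean).
audit_sshd() {
    cfg=$1
    findings=0
    for pair in PermitRootLogin=no PasswordAuthentication=no \
                PubkeyAuthentication=yes X11Forwarding=no MaxAuthTries=3; do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(first_value "$cfg" "$key")
        if [ -z "$have" ]; then
            echo "FINDING: $key not set (sshd default applies); want $want"
            findings=$((findings + 1))
        elif [ "$have" != "$want" ]; then
            echo "FINDING: $key is '$have'; want $want"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Typical use is `audit_sshd /etc/ssh/sshd_config` after the functions are sourced; the non-zero return code makes it usable as a check in a configuration pipeline. An unset directive is reported as a finding on purpose: relying on the compiled-in default means the effective setting changes with the OpenSSH version rather than with your policy.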

As you can see, ransomware affects Windows and Linux alike, so it is very important that you configure your Linux system correctly and protect it well to mitigate this type of dangerous attack.