When we browse the Internet, we are exposed to many threats that can put our computers at risk. Keep in mind that this is something that can affect all types of devices and operating systems. In this article we report on Ensiko, a very complete new threat that can compromise Windows, Linux and macOS systems. It is a new malware with the ability to encrypt the systems it infects.
Ensiko, the new threat that puts many systems at risk
As we say, Ensiko is a new malware that can affect Windows, Linux and macOS systems. It is a web shell written in PHP that can be used to control a server remotely and to carry out a large number of malicious actions.

It is a problem that puts web servers running any of these operating systems at risk. It has a wide range of capabilities, since it is a very complete piece of malware. However, the main one, the most dangerous and the one that can affect users the most, is its ability to encrypt files. It could be used to deploy ransomware against servers.
As we know, ransomware is one of the worst types of threats we can find on the network. Its goal is to encrypt files or whole systems and then demand a ransom from the victim in exchange for regaining full control over the computer. It is a type of malware that has been perfected over time, and it is essential that we avoid becoming victims.
Trend Micro security researchers have analyzed this threat. They discovered that it uses Rijndael-128 symmetric encryption in CBC mode to encrypt files.
Ensiko encrypts the files in the web shell's directory and its subdirectories and appends the .BAK extension to each processed file.

The malware is password protected
Another issue found by Trend Micro is that this malware is password protected. In this way its operators keep access to the web shell restricted and prevent someone else from taking control of the compromised server by replacing the malware's payloads.
Ensiko can load various tools, which the malware downloads and stores in a directory called “tools_ensikology”. One of the functions of this threat is called Steganologer, which can identify image files that carry code in their metadata (EXIF headers). The code is extracted and executed on the compromised server.
They also found that Ensiko can check whether a web shell from a predefined list is present on a remote host. Another scanning function, called Remote File Check, allows the operator to search for arbitrary files on a remote system.
Also keep in mind that the malware lets attackers run brute-force attacks against FTP, cPanel and Telnet, which can give them broad access.
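The details reported above give a defender three things to look for on a web server: a directory named “tools_ensikology”, files that have suddenly gained a .BAK extension, and image files whose EXIF (APP1) segment contains PHP code. The following script, added here as an illustration and not part of the original article or of Trend Micro's research, walks a web root and reports all three indicators. The JPEG segment parser, the sample files it builds under a temporary directory and the PHP marker strings are constructed for this example; it does not reproduce or analyze real Ensiko samples.

```python
import struct
import tempfile
from pathlib import Path

# Indicators described in the article (the directory name and the .BAK suffix);
# the PHP open-tag markers are this example's own choice of what "code" to flag.
TOOLS_DIR_NAME = "tools_ensikology"
ENCRYPTED_SUFFIX = ".bak"
IMAGE_SUFFIXES = {".jpg", ".jpeg"}
PHP_MARKERS = (b"<?php", b"<?=")


def jpeg_metadata_segments(data: bytes):
    """Yield (marker, payload) for every APPn/COM segment that precedes the scan data.

    EXIF lives in an APP1 (0xE1) segment, so code hidden in EXIF headers shows up here.
    """
    if data[:2] != b"\xff\xd8":          # SOI marker: not a JPEG
        return
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:             # lost sync with the marker stream
            return
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):        # SOS / EOI: metadata segments are over
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # length includes its own 2 bytes
        payload = data[pos + 4:pos + 2 + length]
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:  # APP0..APP15 or COM
            yield marker, payload
        pos += 2 + length


def image_has_embedded_code(path: Path) -> bool:
    """True if any metadata segment of the JPEG contains a PHP open tag."""
    data = path.read_bytes()
    return any(
        any(m in payload for m in PHP_MARKERS)
        for _, payload in jpeg_metadata_segments(data)
    )


def scan_webroot(root) -> dict:
    """Walk the web root and collect the three indicators as root-relative paths."""
    root = Path(root)
    findings = {"tools_dirs": [], "bak_files": [], "stego_images": []}
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_dir() and path.name == TOOLS_DIR_NAME:
            findings["tools_dirs"].append(rel)
        elif path.is_file():
            suffix = path.suffix.lower()
            if suffix == ENCRYPTED_SUFFIX:
                findings["bak_files"].append(rel)
            elif suffix in IMAGE_SUFFIXES and image_has_embedded_code(path):
                findings["stego_images"].append(rel)
    for key in findings:
        findings[key].sort()
    return findings


def make_jpeg(app1_payload: bytes) -> bytes:
    """Minimal constructed JPEG: SOI, one APP1 segment, an empty SOS, EOI."""
    app1 = b"\xff\xe1" + struct.pack(">H", len(app1_payload) + 2) + app1_payload
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02" + b"\xff\xd9"


def build_sample_webroot() -> str:
    """Constructed sample tree for the demo; contains no real malware."""
    root = Path(tempfile.mkdtemp(prefix="ensiko_demo_"))
    (root / "index.php").write_text("<?php echo 'site'; ?>")
    (root / "uploads").mkdir()
    # Clean image: ordinary EXIF text in APP1.
    (root / "uploads" / "photo.jpg").write_bytes(make_jpeg(b"Exif\x00\x00camera-metadata"))
    # Image with a (harmless, constructed) PHP tag hidden in its EXIF segment.
    (root / "uploads" / "banner.jpg").write_bytes(
        make_jpeg(b"Exif\x00\x00<?php echo 'constructed-marker'; ?>")
    )
    (root / TOOLS_DIR_NAME).mkdir()
    (root / "config.php.BAK").write_bytes(b"\x00constructed-ciphertext")
    return str(root)


if __name__ == "__main__":
    results = scan_webroot(build_sample_webroot())
    for kind, hits in results.items():
        print(f"{kind}: {hits}")
```

In production the scan would run against the real web root rather than the constructed tree, and any hit on a .BAK file should be checked against the server's own backup conventions before being treated as encryption activity, since the suffix alone is a weak signal; the “tools_ensikology” directory and PHP tags inside EXIF data are much more specific.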
In short, we are facing a new threat that compromises several different systems. As we can see, cybercriminals constantly improve the way they attack computers, so it is vital that we protect ourselves properly. You can see our tips on keeping malware out.