Hive Ransomware Hitting Linux and FreeBSD Systems

Security firm ESET has discovered new Hive encryptors for Linux and FreeBSD systems...with a caveat.

Slovak security firm ESET has discovered versions of the Hive ransomware for both Linux and FreeBSD systems. However, the encryptors developed for these systems are still in development and quite buggy. According to ESET researchers, both encryptors fail completely when the malware payload is executed with an explicit path. Compared with the Windows version of Hive, the Linux/FreeBSD iteration supports only one command-line parameter (-no-wipe). When executed without root permissions, the Linux variant of Hive fails to trigger encryption, because it cannot write the ransom note to the device's root file system.

Hive is a ransomware group that has already affected more than 30 organizations, a count that includes only those victims who refused to pay the ransom to get their data back. According to Fabian Wosar, "The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically." ESXi is VMware's bare-metal hypervisor.

Because ransomware increasingly targets Linux systems, it has become even more important for admins to keep their systems up to date and to make use of tools like Rootkit Hunter.

Read the original Tweet thread from ESET research on the issue.

11/02/2021