Hive Ransomware Hitting Linux and FreeBSD Systems
Slovak security firm ESET has discovered versions of the Hive ransomware for both Linux and FreeBSD systems. However, the encryptors developed for these systems are still in development and quite buggy. In fact, according to ESET researchers, both encryptors completely fail when the malware payload is executed with an explicit path. In comparison to the Windows version of Hive, the Linux/FreeBSD iteration includes only one command-line parameter (-no-wipe). When executed without root permission, the Linux variant of Hive fails to trigger encryption, because it is unable to write the ransom note to the device's root file system.
Hive is a ransomware group that has already affected more than 30 organizations, but it only lists as victims those who have refused to pay the ransom to get their data back. According to Fabian Wosar, "The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically." ESXi is VMware's bare-metal hypervisor.
Because ransomware is increasingly targeting Linux systems, it has become even more important that admins keep their systems up to date and make use of tools like Rootkit Hunter.
Read the original Tweet thread from ESET Research on the issue.