The ransomware Ryuk, which has placed the entire city of New Orleans in a state of emergency and brought down computers of oil refineries, hospitals, schools and government institutions, now cease to encrypt Linux folders used in Windows 10.
But calm down, there is no kindness behind this decision of cybercriminals. Because if ransomware affected the Windows Subsystem for Linux (WSL) folders , which allow you to install multiple distributions of Linux as a virtual machine on Windows 10, the entire operating system would be compromised. This goes against the interests of the attackers because even with the payment for decrypting the data they cannot be recovered. Therefore, with all the platform compromised, the victim would have no reason to pay for the ransom.
Since May 2019, Windows 10 has allowed Linux to be installed directly as a virtual machine through the WSL feature. Functionality helps users who prefer Windows but also need a Linux environment. While there is no known variant of Ryuk to specifically target computers running Linux, users who use WSL on Windows are still at risk.
Now, with the new version of Ryuk, folders in the Ryuk ransomware target list (ie not encrypted in case of machine infection) now include:
- bin
- boot
- Boot
- dev
- etc
- lib
- initrd
- sbin
- sys
- vmlinuz
- run
- var
Threats such as Ryuk prevent user access to important computer files. To recover them, the criminals behind the attack require the host or network owner to pay a Bitcoins ransom to receive the program that can decrypt these files. The virus installs itself on machines like a trojan and is hidden as it spreads through most of the computers on the network before it runs.
Ransomware has already done a lot of damage in the United States and around the world. One of the cases was the attack on 110 nursing homes for the elders. Despite the recommendation not to pay the ransom to scammers, threats like Ryuk already add up to 705 bitcoins in five months, the equivalent of $3.7 million.
Source: Bleeping Computer