There is a new menace for Linux servers.
Looks like Linux has reached critical mass.
https://www.securitynewspaper.com/2019/ ... e-variant/
Since May, some 6700 servers have been held ransom for €294.xx Almost 2 million Euros.
What's the cure? So far, pay the ransom.
lilu ransomware for Linux servers
lilu ransomware for Linux servers
Thinkpad T430 & Dell Latitude E7450, both with MX-21.3.1
kernal 5.10.0-26-amd64 x86_64; Xfce-4.18.0; 8 GB RAM
Intel Core i5-3380M, Graphics, Audio, Video; & SSDs.
kernal 5.10.0-26-amd64 x86_64; Xfce-4.18.0; 8 GB RAM
Intel Core i5-3380M, Graphics, Audio, Video; & SSDs.
Re: lilu ransomware for Linux servers
another News Site:
https://securityaffairs.co/wordpress/90 ... erver.html
https://securityaffairs.co/wordpress/90 ... erver.html
Please use the check-mark icon to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.
Re: lilu ransomware for Linux servers
Here's the actual vulnerability that permits the ransomware to run as root and encrypt the files:
http://exim.org/static/doc/security/CVE-2019-15846.txt
It affects only mail servers using Exim that also have TLS enabled. Exim comes with TLS disabled by default but many distros' packages configure it as enabled.
So this isn't some kind of dire emergency situation that ordinary Linux desktop users need to worry about. It may possible affect your email service provider's server however, unless their sysadmins are keeping up with the latest security notices and patching their servers accordingly as they should be doing.
http://exim.org/static/doc/security/CVE-2019-15846.txt
It affects only mail servers using Exim that also have TLS enabled. Exim comes with TLS disabled by default but many distros' packages configure it as enabled.
So this isn't some kind of dire emergency situation that ordinary Linux desktop users need to worry about. It may possible affect your email service provider's server however, unless their sysadmins are keeping up with the latest security notices and patching their servers accordingly as they should be doing.
Please read the Forum Rules, How To Ask For Help, How to Break Your System and Don't Break Debian. Always include your full Quick System Info (QSI) with each and every new help request.
-
Head_on_a_Stick
- Posts: 919
- Joined: Sun Mar 17, 2019 3:37 pm
Re: lilu ransomware for Linux servers
Restore your backup. Any sysadmin who gets caught out by this deserves to pay, IMO.
The Debian exim4 package is fixed in stable & oldstable: https://security-tracker.debian.org/tra ... 2019-15846
mod note: Signature removed, please read the forum rules
Re: lilu ransomware for Linux servers
Maybe that's why they aren't charging so much?
Thinkpad T430 & Dell Latitude E7450, both with MX-21.3.1
kernal 5.10.0-26-amd64 x86_64; Xfce-4.18.0; 8 GB RAM
Intel Core i5-3380M, Graphics, Audio, Video; & SSDs.
kernal 5.10.0-26-amd64 x86_64; Xfce-4.18.0; 8 GB RAM
Intel Core i5-3380M, Graphics, Audio, Video; & SSDs.