A new Lilocked (Lilu) ransomware infects thousands of servers. We are patched!

A new ransomware strain that focuses exclusively on Linux-based servers has recently been detected. Known as Lilocked (or Lilu), it has been infecting thousands of servers for a few weeks now. We are glad to inform you that our servers are patched and your content is protected against infection.

Learn more about the nature and scope of the Lilocked (Lilu) ransomware.

What is the Lilocked (or Lilu) ransomware about?

At present, the Lilocked ransomware appears to target Linux-based systems only.

Lilocked works by gaining root access to servers and encrypting specific file types (such as HTML, JS, CSS, PHP, and various image files).

Because no system files are affected (which can be regarded as the lesser evil), an infected server can continue to run normally, without its administrator realizing it has been hit.

An infected server can be identified by the fact that the majority of the files it hosts are encrypted and have a new “.lilocked” extension:

image source: https://www.zdnet.com/

The ransomware also leaves a #README.lilocked note in every folder with encrypted files, instructing affected users to access a certain website and pay a ransom to have their files decrypted:

image source: https://www.zdnet.com/

Most of the infected websites on those servers were indexed and cached in Google search results, which means that their trust factor has been compromised.
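Since an infected server keeps running normally, the two on-disk indicators described above (the “.lilocked” extension and the #README.lilocked note) are what an administrator can check for. The following read-only scan is an added example, not code from the original post; the function names and the sample directory tree are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: read-only scan for the two Lilocked indicators named in the post.
# Nothing under the scanned root is modified or deleted.

# count_matches ROOT FIND_EXPR... -> number of regular files matching the
# expression (NUL-delimited so unusual filenames are counted correctly).
count_matches() {
    local root=$1; shift
    find "$root" -xdev -type f "$@" -print0 2>/dev/null | tr -dc '\0' | wc -c | tr -d ' '
}

# lilocked_scan ROOT -> prints "encrypted=N notes=M"; returns 1 if either is non-zero.
lilocked_scan() {
    local root=$1 encrypted notes
    # The ransom note itself ends in .lilocked, so exclude it from the file count.
    encrypted=$(count_matches "$root" -name '*.lilocked' ! -name '#README.lilocked')
    notes=$(count_matches "$root" -name '#README.lilocked')
    echo "encrypted=$encrypted notes=$notes"
    [ "$encrypted" -eq 0 ] && [ "$notes" -eq 0 ]
}

# affected_dirs ROOT -> sorted, unique list of directories that contain a ransom note.
affected_dirs() {
    find "$1" -xdev -type f -name '#README.lilocked' -exec dirname {} \; 2>/dev/null | sort -u
}

# Constructed sample tree (hypothetical paths) for trying the scan offline.
# Prints the temporary directory it created; the caller removes it.
make_sample_tree() {
    local t
    t=$(mktemp -d)
    mkdir -p "$t/site/css" "$t/clean"
    : > "$t/site/index.html.lilocked"
    : > "$t/site/css/main.css.lilocked"
    : > "$t/site/#README.lilocked"
    : > "$t/site/css/#README.lilocked"
    : > "$t/clean/index.html"
    echo "$t"
}

# Usage after sourcing this file (the web root path is an example):
#   lilocked_scan /var/www && echo "no indicators found"
#   affected_dirs /var/www
```

The non-zero return status makes the scan easy to run from cron or a monitoring check, so a hit is noticed even while the server appears to work normally.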

What are the security measures needed to avoid Lilocked infection?

According to specialists, systems running an outdated version of the Exim (email) software might be most vulnerable to Lilocked infection.

However, this is just a hypothesis that is yet to be confirmed.

For now, specialists can only give generic security advice to server owners, i.e. to avoid opening suspicious or unknown links and files, only download software from official sources, keep applications up to date with security patches, and use unique passwords for their accounts.

As mentioned earlier in the post, all servers across our platform are patched against the Lilocked infection so you can rest assured that your data is safe with us.
