IceFire Ransomware Targeting Linux Distributions

Date:

March 9, 2023

World map

Overview

Title

IceFire Ransomware Targeting Linux Distributions

Victim

Linux Systems

Attacker

IceFire

Location

, USA

,

Size of Attack

Unknown/TBD

First Reported

March 9, 2023

Last Updated

October 31, 2022

The IceFire ransomware group has added capabilities designed to target Linux systems and has attacked several media sector organizations.

“The attacks leverage an exploit for a recently disclosed vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986),” TheHackerNews reported.

“The ransomware binary targeting Linux is a 2.18 MB 64-bit ELF file that's installed on CentOS hosts running a vulnerable version of IBM Aspera Faspex file server software. It's also capable of avoiding encrypting certain paths so that the infected machine continues to be operational.”

Takeaway: This is just the latest evidence of a rapidly growing trend where ransomware threat actors are expanding their capabilities to include attacks on Linux distributions. While this may seem trivial, with groups like IceFire, LockBit, Black Basta and Cl0p targeting Linux environments, we can expect some attacks to cause widespread disruptions across several key sectors, impacting a larger population of collateral victims.

Attackers have limited resources and make strategic decisions based on anticipated ROI, so they traditionally focused on Windows because it is deployed on most systems. Linux runs approximately 80% of web servers, most smartphones, supercomputers, and many embedded and IoT devices used in manufacturing. Linux is also favored for large network applications, and data centers and drives most of the U.S. government and military networks, our financial systems, and even the backbone of the internet.

Attacks on Linux systems are potentially devastating. These attacks could have a broad impact like the disruption experienced from the Colonial Pipeline attack. The "always on" nature of Linux systems not only provides a strategic beachhead for moving laterally throughout the network, but attacks on Linux systems would also disrupt the most critical parts of an organization's network. Thus, attackers can demand higher ransom amounts.

While attacks on Windows systems make for a bad day or week, attacks on Linux systems could make for bad weeks or months - we should all be monitoring this trend closely.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.

While attacks on Windows systems make for a bad day or week, attacks on Linux systems could make for bad weeks or months...

Oh no!

This attack's description was not found, while we work on the detailed account of this attack we invite you to browse through other recent Rasomware Attacks in the table below.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.

Cactus attacks Tormax USA
Date
September 7, 2023
Ransomware group
Cactus
Location

San Antonio, USA

Texas, USA

Industry
Manufacturing
Victim
Tormax USA
Cactus attacks Tormax USA
Date
September 7, 2023
Ransomware group
Cactus
Location

San Antonio, USA

Texas, USA

Industry
Manufacturing
Victim
Tormax USA
LockBit attacks Onyx Fire Protection Services
Date
September 6, 2023
Ransomware group
LockBit
Location

Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
Onyx Fire Protection Services
LockBit attacks Onyx Fire Protection Services
Date
September 6, 2023
Ransomware group
LockBit
Location

Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
Onyx Fire Protection Services
LockBit attacks Protoshop
Date
September 6, 2023
Ransomware group
LockBit
Location

Milan, Italy

Lombardy, Italy

Industry
Retail Trade
Victim
Protoshop
LockBit attacks Protoshop
Date
September 6, 2023
Ransomware group
LockBit
Location

Milan, Italy

Lombardy, Italy

Industry
Retail Trade
Victim
Protoshop
LockBit attacks Ragasa
Date
September 6, 2023
Ransomware group
LockBit
Location

Monterrey, Mexico

Nuevo Leon, Mexico

Industry
Accommodations & Food Services
Victim
Ragasa
LockBit attacks Ragasa
Date
September 6, 2023
Ransomware group
LockBit
Location

Monterrey, Mexico

Nuevo Leon, Mexico

Industry
Accommodations & Food Services
Victim
Ragasa
Knight attacks Solano-Napa Pet Emergency Clinic
Date
September 6, 2023
Ransomware group
Knight
Location

Fairfield, USA

California, USA

Industry
Other
Victim
Solano-Napa Pet Emergency Clinic
Knight attacks Solano-Napa Pet Emergency Clinic
Date
September 6, 2023
Ransomware group
Knight
Location

Fairfield, USA

California, USA

Industry
Other
Victim
Solano-Napa Pet Emergency Clinic
LockBit attacks The Noble Group
Date
September 6, 2023
Ransomware group
LockBit
Location

Lancaster, USA

Pennsylvania, USA

Industry
Real Estate
Victim
The Noble Group
LockBit attacks The Noble Group
Date
September 6, 2023
Ransomware group
LockBit
Location

Lancaster, USA

Pennsylvania, USA

Industry
Real Estate
Victim
The Noble Group
Akira attacks Energy One
Date
September 6, 2023
Ransomware group
Akira
Location

Eastwood, Australia

Adelaide, Australia

Industry
Other
Victim
Energy One
Akira attacks Energy One
Date
September 6, 2023
Ransomware group
Akira
Location

Eastwood, Australia

Adelaide, Australia

Industry
Other
Victim
Energy One
LockBit attacks Gorman and Company
Date
September 6, 2023
Ransomware group
LockBit
Location

Oregon, USA

Wisconsin, USA

Industry
Real Estate
Victim
Gorman and Company
LockBit attacks Gorman and Company
Date
September 6, 2023
Ransomware group
LockBit
Location

Oregon, USA

Wisconsin, USA

Industry
Real Estate
Victim
Gorman and Company
INC Ransom attacks It4 Solutions Robras
Date
September 6, 2023
Ransomware group
INC Ransom
Location

Oakland Park, USA

Florida, USA

Industry
Information & Technology
Victim
It4 Solutions Robras
INC Ransom attacks It4 Solutions Robras
Date
September 6, 2023
Ransomware group
INC Ransom
Location

Oakland Park, USA

Florida, USA

Industry
Information & Technology
Victim
It4 Solutions Robras
LockBit attacks Meroso Foods
Date
September 6, 2023
Ransomware group
LockBit
Location

Ramsdonk, Belgium

Kapelle-op-den-Bos, Belgium

Industry
Accommodations & Food Services
Victim
Meroso Foods
LockBit attacks Meroso Foods
Date
September 6, 2023
Ransomware group
LockBit
Location

Ramsdonk, Belgium

Kapelle-op-den-Bos, Belgium

Industry
Accommodations & Food Services
Victim
Meroso Foods