Palo Alto Reports that Ransomware Found on OSX
-
Palo Alto, the large security appliance vendor, reports that ransomware has now been found on Apple Mac OSX clients.
-
You're not safe anymore, Mac users. Does that leave anyone untouched? I'm pretty sure I read that Linux was hit several months ago - though I'm guessing it might be flavor dependent.
-
@Dashrender said:
You're not safe anymore, Mac users. Does that leave anyone untouched? I'm pretty sure I read that Linux was hit several months ago - though I'm guessing it might be flavor dependent.
Nope, Linux was not affected. There was a FUD article trying to make it sound that way, but there wasn't anything to it. It was a scam article. Linux remains without an "in the wild" ransomware system that anyone has seen.
-
Basically what the Linux articles were saying, and this is where tricky marketing comes in to fool IT folks, is that if you are the admin on a system, and you use encryption technology, you can hold the business ransom. Well duh. It wasn't ransomware, it was just "if you lose root access to your system, someone could encrypt it." Yup, that's how encryption works.
It was incredibly clickbait and scammy to try to make it sound something like ransomware when it was nothing like it.
They might as well have said "the power company can cut your power and make you pay to turn it back on." Um, right, we knew that. They add the "if you run Linux" to something where that doesn't matter to make it sound like a Linux problem. No different than calling BitLocker ransomware.
-
@Dashrender said:
http://www.zdnet.com/article/crypto-ransomware-strikes-linux-but-attackers-botch-private-key/
So this is wrong?
It's not exactly wrong, but it is very misleading. It's not Linux that is affected, it's the application running on it. Unless I've missed something, it looks like what I've seen before: an application getting compromised and people reporting it as a risk to the OS when the OS remains secure.
-
Not that many Windows ransomware attacks are not similar, but this is, if you look, a compromise specifically in Magento which, while not uncommon, I've literally never seen a company running and is not part of any Linux system. The compromise only encrypts the Magento files, I believe, nothing else. It is an attack that gets the application to encrypt itself.
-
@scottalanmiller said:
FUD
I'm sad to say I had to look this up, and it wasn't nearly what I thought it would be.