17

Due to the recent media coverage of ransomware attacks several people for whom I've provided personal computer support in the past have expressed concerned. The majority of these people are running either Ubuntu or Kubuntu linux, but not all are fully patched and up to date.

Are Linux systems in general, and Ubuntu-derived systems in particular, vulnerable to any known ransomware attacks in the wild? I intend to help these people patch, update, and properly backup their systems. However, some of these will take time for me to get to so I need to know how much of a priority to put on this.

I stress that I have a personal relationship with these people, not a business relationship. All entities that I have provided professional Linux desktop support for already have backup systems in place, including test restorations to independent systems. I am evaluating now the possibility that the malware may encrypt the backups as well, of course. That is a priority!

dotancohen
  • 3,698
  • 3
  • 24
  • 34

3 Answers3

13

Actually there IS a new ransomware (now, not when the question was asked) that is apparently a trojan that encrypts home directories and web root, then asks for a bitcoin to get the decryption key. I can't find any information yet about what the trojan is coming in as, or how it's supposed to be spreading. Basically, stick to the official Ubuntu repositories to get your software and you should be fine.

http://techcrunch.com/2015/11/06/linux-ransomware-is-now-attacking-webmasters/

Tony Maro
  • 271
  • 2
  • 2
  • Lol, no full drive encryption? That's kinda sad since everyone who has more than one hard drive is gonna store their important files on the second drive (other is just silly, especially if you have an SSD as your main drive...) – Cestarian Apr 26 '16 at 13:54
8

If you speak typically about Ubuntu then the answer is no. There has not been developed any such nefarious software yet.

If you talk about Unix-based systems then we can mention only one by now:

It is coded to run on both 32-bit and 64-bit systems, which increases its chances of running on whatever computer it infects, Carter said. Newer versions of Mac OS X and Windows are 64-bit operating systems.

3

So far, there aren't examples of ransomware in the wild targeting Linux (and especially Ubuntu). In general, Linux malware is near to non-existent.

Community
  • 1
dr_
  • 5,060
  • 4
  • 19
  • 30
  • 1
    Unless are using Wine or Windows virtual box machines... :-) –  Aug 10 '15 at 12:53
  • 3
    The accepted answer to the linked question states that Linux malware is less common than Windows malware due to the fact that Windows users typically have elevated privileges. However this does not seem to be a factor for ransomware, a regular user account can encrypt his own files. – dotancohen Aug 10 '15 at 13:09
  • 2
    That's not the only reason -- Linux malware is less common due to the channels for software distribution in Linux (PGP-signed repos) and the highest technical skills of its users. Ransomware is a kind of malware. – dr_ Aug 10 '15 at 13:21
  • 2
    I do not believe that my Linux users have "the highest technical skills". I think that notion has been outdated for [almost a decade](https://wiki.ubuntu.com/DapperDrake). – dotancohen Aug 10 '15 at 17:08