Cyberattackers Now Also Make Linux Versions of Their Ransomware

“Security firm Kaspersky said Friday that it discovered a Linux version of the RansomEXX ransomware,” reports ZDNet, “marking the first time a major Windows ransomware strain has been ported to Linux to aid in targeted intrusions.” RansomEXX is a relatively new ransomware strain that was first spotted earlier this year in June. The ransomware has been used in attacks against the Texas Department of Transportation, Konica Minolta, U.S. government contractor Tyler Technologies, Montreal’s public transportation system, and, most recently, against Brazil’s court system (STJ)…

The RansomEXX gang creating a Linux version of their Windows ransomware is in tune with how many companies operate today, with many firms running internal systems on Linux, and not always on Windows Server. A Linux version makes perfect sense from an attacker’s perspective; always looking to expand and touch as much core infrastructure as possible in their quest to cripple companies and demand higher ransoms. What we see from RansomEXX may soon turn out to be an industry-defining trend, with other big ransomware groups rolling out their Linux versions in the future as well.

And, this trend appears to have already begun. According to cyber-security firm Emsisoft, besides RansomEXX, the Mespinoza (Pysa) ransomware gang has also recently developed a Linux variant from their initial Windows version.