Fresh (Buggy) Clop Ransomware Variant Targets Linux Systems

News AKMI – Sierra Mitchell
The good news is the malware is faulty, and victims can relatively easily decrypt any data it encrypts without first having to pay a ransom for a decryption key. The bad news is the new malware also is the first Linux version of Clop, a particularly nasty ransomware variant associated with numerous high-profile attacks that have netted its operators hundreds of millions of dollars.

Researchers from SentinelOne's SentinelLabs threat hunting team observed the latest Clop variant targeting Linux systems at a university in Colombia. Samples that the company analyzed showed the Linux code to have logic similar to that of its more pernicious Windows relative, with minor differences involving API calls and other features unique to the different operating systems.

SentinelOne's analysis showed Clop's Linux version is still likely only in its initial development stages and is missing many of the obfuscation and evasive capabilities that are present in Windows versions of the malware. The security vendor assessed that the reason for this might have to do with the fact that not one of the 64 virus-detection engines on VirusTotal is currently able to detect the Linux Clop variant.

Significantly, SentinelOne's researchers found the encryption logic in the Linux variant to be flawed. "The issue boils down to a couple of key differences between the Windows and Linux variants," says Antonis Terefos, threat intelligence researcher at SentinelOne.
Link: https://newsakmi.com/news/tech-news/cyber-security/fresh-buggy-clop-ransomware-variant-targets-linux-systems/

