IceFire is a well-known ransomware targeting the Windows platform. According to the latest report published by SentinelLabs, a new variant of the ransomware has emerged, which can also launch ransom attacks on Linux platforms.
Attackers exploited a deserialization vulnerability in IBM Aspera Faspex file-sharing software to attack servers in multiple media and entertainment sectors around the world by spreading a variant of IceFire.
Once infected with a variant of IceFire, Linux devices and servers encrypt data, adding an”.ifire” extension to files. The report that the IceFire variant does not infect all files on the device, but bypasses key parts of the system, allowing the system to run normally, but encrypting user data.
Once the ransomware has finished encrypting data, it sends out a ransom notice asking victims to contact the attackers within five days. If the victim chooses not to pay the ransom, the victim’s data is exposed online.