
I know this is always contentious but are there any of these ransomware attacks on non-Windows machines? I mean prominent ones? I understand everyone is running Windows on the desktop, but why are Linux servers not targeted by the same thing as they are prominent? I know they get hacked all the time, but I never read stories like this about them. I read that mongo was hacked (and yeah, using mongo, sorry but...) which probably ran on Linux; however pure ransomware attacks I cannot find outside Windows. People keep saying that if other devices would be as popular, they would attack them; but for instance my mother has an iPad, Android phone and a Windows laptop, and the only (penis enlarger.....) malware is in Windows which has an up to date AV. Android is more popular than Windows, Linux on servers is as well, iOS is as well. And yet all the crap is always Windows. I do not get it.


Ransomware attacks absolutely do target Linux servers because one needs to take down all the servers to have a proper business disruption for which someone will pay a million dollar ransom; in all the recent prominent attacks Linux servers were taken down as well.

Perhaps there's some issue with what you mean by "pure ransomware" - if you mean automatically spreading worms, then those aren't that relevant; prominent examples like Petya were four years ago, NotPetya was not ransomware but a destructive weapon, etc. In the current environment, and also in the attack described in this article, a "ransomware attack" means a takeover of your systems by a ransomware crew of hackers manually working on your specific network. They generally start with spearphishing which targets Windows desktop machines because usually the easiest way to target Linux servers is through client-side attacks, obtaining user credentials and a foothold inside the network that helps with firewall restrictions.


> obtaining user credentials and a foothold inside the network that helps with firewall restrictions.

Yes but those are somewhat human errors; my point is more along the lines that Linux might be the primary target for the entire attack, but it always starts with attacks on Windows. I was looking for a case, specifically with ransomware, that started with Linux/Mac OS X instead of Windows.

In my opinion (and to be honest, PCI DSS actually enforces this to some extent) it should not be possible to gather Linux credentials from singular hacked machines. If you hack my system, you will not be able to log in to our prod Linux machines; you will need my hardware device to generate OTPs. This is what we actually do for a living, but it is rather weird that people don't just have google-authenticator as standard for lack of a hardware token; then your private key would still not get the hackers anywhere. Use hardware tokens + non-Windows, then basically none of these attacks would work.


Here's an article about recent Mac ransomware; it was on HN a while back.

https://www.wired.com/story/new-mac-ransomware-thiefquest-ev...

But still, a lot less of these stories than for Windows.


Yes, but my question was specifically about a high profile one; so huge company or huge money stolen. This is just 'yes it exists' but nothing was done with it.



