I have a public facing web server that appears to be the target of some sort of ransomware. It only affected web related files and was done by the httpd user:group. The ransom note was also dropped in every affected directory. I was curious if anyone knows of a Linux variant that's in the wild affecting servers. The server is not critical and I have backups so I'm leaving it as is in case anyone can help me dig a little deeper.