Dazzler posted this in the Security Forum this morning: Ransomware Found Targeting Linux Servers and Coding Repositories - General Security
A newly discovered ransomware is attacking Linux Web servers, taking aim at Web development environments used to host websites or code repositories.
Russian antivirus maker Dr.Web came across this malware and said that the ransomware needs root privileges to work. Additionally, the company also says it does not yet know how the ransomware infects computers, but taking into account previous Linux-based malware infections, the main culprit may be an open SSH port with weak credentials.
I thought I should post that info here in the Linux Forum, too. My comment in Dazzler's Topic:
Home users of Linux distros reading the above should not be concerned about being a victim of the above reported malware IF
you are not running as ROOT and are not allowing REMOTE CONNECTION to your desktop. Remote connection is not allowed by
default in popular Linux distros such as Ubuntu. If you are not sure your particular Linux distro is allowing remote connection to your
desktop then you should confirm it isn't if you don't need to access your computer remotely.
I should probably mention that securing your router is very important, too. If you haven't changed the default password and blocked
remote connection if unneeded.....that should be done, too. While in the router settings...check for firmware update, too.