Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Ransomware and Linux/BSD/NAS

  • Please log in to reply
2 replies to this topic

#1 MrNovi


  • Members
  • 5 posts
  • Local time:01:27 PM

Posted 14 April 2016 - 10:53 AM

This may be a stupid question but this forum is the Go To place for info on this stuff so I'm going to go ahead and make a fool of myself and ask anyway. From what  can tell Ransomware appears to be primarily a Windows problem. My question(s) are does it affect Linux, BSD, or NAS systems directly as in running a stand alone Linux box, etc.? Also does it affect them indirectly by way of network shares? I imagine any NTFS or FAT file system would be vulnerable, but would like some clarification on this.


If this is the wrong forum to post this in I apologize. Also, I did do a search and didn't find anything useful so if the info has already been addressed in the past again I apologize. My search foo isn't what it once was.


Any assistance would be greatly appreciated. I'm here to learn.





Edited by MrNovi, 14 April 2016 - 10:54 AM.

BC AdBot (Login to Remove)


#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,555 posts
  • Gender:Male
  • Location:USA
  • Local time:01:27 PM

Posted 14 April 2016 - 11:35 AM

Your questions are perfectly reasonable.


Shares from any OS would be susceptible to being encrypted if a Windows system has access to them. Even shares from a Mac or Linux-based system would be open if they are over SMB, as some ransomware sniff the network for broadcasted SMB shares, even if they aren't mapped.


However, Linux and Mac are not out of the woods on being the attack vector either. There have been cases of ransomwares that hit Mac (KeRanger) and Linux, there's even an open-source version that we expect to hit the ground running possibly.


There have even been NAS-targetted ransomwares before, such as SynoLocker that directly accessed Synology devices that did not have a patched version of the firmware. I've heard of QNAP exploits that allowed hackers to mess with the data, it would only naturally be the next progression to hold it ransom.


Samas Ransomware has proven that if an attacker can gain access to your network remotely, they can laterally move about the network and manually encrypt anything they find - some had their NAS wiped through the remote admin client that would only be accessible from the server.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 MrNovi

  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:27 PM

Posted 14 April 2016 - 11:59 AM

Thanks. That's pretty much what I figured. I appreciate your taking the time on this.


I've only ran into two cases of Ransomware so far. On one the person realized something was wrong and pulled the power cord out immediately. I was able to boot off of a live disk and clean the system before it did any serious damage. They only lost a few photos which were backed up fortunately. On the other the system was so slow it hadn't been able to encrypt more than a couple of files before they shut it down. I was able to get in and clean it out as well with only the loss of a couple of documents that they had other copies of.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users