Security firm Kaspersky has discovered a Linux version of the RansomEXX ransomware. It is the first time a major Windows ransomware strain has been ported to Linux for targeted intrusions. The relatively new ransomware strain RansomEXX was first spotted earlier in June 2020.
RansomEXX has been used in attacks against Montreal’s public transportation system, Texas Department of Transportation, US government contractor Tyler Technologies, and also against Brazil’s court system.
The groups either buy access or breach networks themselves and expand access to as many systems as possible. They then manually deploy their ransomware binary as part of the final stage to cripple as much of the target’s infrastructure as possible.