SentinelOne researchers have discovered that Clop ransomware has gained its first-ever Linux variant but flaws in the novel strain's encryption algorithm have enabled file decryption without having to pay the ransom, The Hacker News reports.
Colombian educational entities, including La Salle University, have been targeted by the widespread attack with the new Linux variant of Clop, which was aimed at encrypting certain folders and file types but did not have certain functions present in the Windows variant, the report showed.
Moreover, a hardcoded master key in the new Clop variant allowed file recovery without the need for payment. Such gaps may have been a result of malware authors developing a custom Linux payload rather than implementing a port of the Windows version, researchers added.
"While the Linux-flavored variation of Clop is, at this time, in its infancy, its development and the almost ubiquitous use of Linux in servers and cloud workloads suggests that defenders should expect to see more Linux-targeted ransomware campaigns going forward," said SentinelOne researcher Antonis Terefos.