Linux systems subjected to IceFire ransomware attacks

BleepingComputer reports that numerous media and entertainment entities worldwide have had their Linux network systems compromised by the IceFire ransomware operation since mid-February. IceFire ransomware attacks commence with the exploitation of an already patched high-severity deserialization flaw in IBM Aspera Faspex file-sharing software, tracked as CVE-2022-47986, before the deployment of the updated IceFire ransomware variant, which would then proceed to perform file encryption, self-deletion, and binary removal, according to a SentinelLabs report. "In comparison to Windows, Linux is more difficult to deploy ransomware against particularly at scale. Many Linux systems are servers: typical infection vectors like phishing or drive-by download are less effective. To overcome this, actors turn to exploiting application vulnerabilities, as the IceFire operator demonstrated by deploying payloads through an IBM Aspera vulnerability," said SentinelLabs. Such targeting of Linux systems by IceFire ransomware continues the trend of ransomware operations expanding their attacks outside of Windows systems, SentinelLabs added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.