A new ransomware campaign dubbed Linux.Encoder.1 is targeting web servers using the Linux operating system and is demanding a payment of one bitcoin, or $380, from its victims for the release of the captured files.

Researchers at the anti-virus firm Dr. Web said the cybercriminals appear to target network administrator computers because these hold the web server software that they are interested in controlling. It was also noted that in some cases the attackers used the CMS Magneto vulnerability to attack the web servers.

The Dr. Web staff did not have a firm idea how prevalent these attacks have been, but they “presume that at least tens of users have already fallen victim to this trojan.” An email by SCMagazine.com to Dr. Web to confirm the number of infected systems has not yet been returned.

Once launched the malware encrypts all files in the home and website administration directories, but then goes through the entire system encrypting only the files with extensions specified by the cybercriminal. The gang is using the .encryption extension to handle this task.

The final step has the bad guys planting a ransom demand saying if the payment is not received the files will remain unobtainable.