IceFire Ransomware Targets Linux Enterprise Networks in the Media and Entertainment Sector
IceFire, a known Windows-based ransomware strain, has expanded its focus to target Linux enterprise networks of several media and entertainment sector organizations worldwide. Cybersecurity company SentinelOne reports that the intrusions exploit a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8).
According to SentinelOne senior threat researcher Alex Delamotte, the shift is a strategic move that brings IceFire in line with other ransomware groups that have added Linux to their targeting. SentinelOne also observed that most of the attacks were directed at companies in countries that organized ransomware crews do not typically target, such as Turkey, Iran, Pakistan, and the U.A.E.
MalwareHunterTeam first detected IceFire in March 2022, but its victims were not publicized until August 2022, when they appeared on the group's dark web leak site, as reported by GuidePoint Security, Malwarebytes, and NCC Group. The Linux variant is a 2.18 MB 64-bit ELF binary that is deployed on CentOS hosts running a vulnerable version of the IBM Aspera Faspex file server. It also skips certain paths and file types during encryption so that the compromised host remains operational.
Delamotte explains that, compared to Windows, deploying ransomware against Linux, particularly at scale, is more challenging. Many Linux systems are servers, so the usual infection vectors such as phishing and drive-by downloads are far less effective. To get a foothold, actors instead exploit vulnerabilities in exposed applications, which is exactly the role the Aspera Faspex flaw plays in this campaign.
In other news, Fortinet FortiGuard Labs disclosed a new LockBit ransomware campaign that employs evasive tradecraft to avoid detection, including delivering the payload inside .IMG disk-image containers that bypass Mark-of-the-Web (MotW) protections.
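As an added illustration of the MotW point (this is example code written for this page, not code from the article or from Fortinet's report), the following PowerShell helper reports which files under a directory carry the Mark-of-the-Web, which Windows stores in the NTFS alternate data stream `Zone.Identifier`. Files copied out of a mounted disk-image container have typically lacked that stream, which is what makes the .IMG trick effective. The directory path in the usage line is an assumed example.

```powershell
# Added example: triage helper that reports Mark-of-the-Web status for files.
# MotW lives in the NTFS alternate data stream "Zone.Identifier"; a file
# downloaded from the Internet zone carries "[ZoneTransfer]" and "ZoneId=3".
# Files extracted from a mounted .IMG/.ISO have typically had no such stream.
function Get-MotwStatus {
    param(
        [Parameter(Mandatory)] [string] $Path   # directory to scan (assumed to exist)
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $zone = $null
        try {
            # -Stream reads the ADS; -ErrorAction Stop makes a missing stream catchable
            $content = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction Stop
            foreach ($line in $content) {
                if ($line -match '^ZoneId=(\d+)') { $zone = [int]$Matches[1]; break }
            }
        } catch {
            # No Zone.Identifier stream: the file carries no Mark-of-the-Web
        }
        [pscustomobject]@{
            File    = $_.FullName
            HasMotw = ($null -ne $zone)
            ZoneId  = $zone
        }
    }
}

# Usage (path is an assumed example): list files that lack MotW, for instance
# contents copied out of a mounted image, which would not trigger MotW warnings.
Get-MotwStatus -Path 'C:\Users\analyst\Downloads\extracted' |
    Where-Object { -not $_.HasMotw } |
    Format-Table File, HasMotw, ZoneId -AutoSize
```

In an incident review, running this against a user's download and extraction folders quickly separates files that SmartScreen and Office Protected View would have inspected (ZoneId 3) from those that arrived with no zone information at all.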