Researchers at Palo Alto Networks have found new malware called Xbash, a lethal cocktail of botnet, ransomware and cryptocurrency-mining software combined in a single worm.
Xbash targets servers running Linux or Windows and preys on systems that are protected by weak passwords or that are running with unpatched known vulnerabilities.
This new malware behaves differently depending on the operating system it is running on. Xbash shows its ransomware aspect on Linux devices and builds botnets on them, whereas Windows devices are targeted for cryptocurrency mining and self-propagation.
Ransomware generally encrypts a victim’s files and demands payment in exchange for their restoration. But the problem is that the files aren’t always restored.
Much like the infamous NotPetya, Xbash doesn’t really have any features to restore the data. It asks for a ransom after encrypting anyway, but even after payment, the files remain encrypted.
So far, 48 individuals have fallen victim to it and paid nearly $6,000 in Bitcoin to the attackers. Hence, Xbash isn’t exactly ransomware, as its true goal seems to be the complete destruction of the victim’s data.
What makes Xbash really dangerous is its capability to compromise an organization’s intranet. This feature isn’t currently active, but once enabled, it compromises those networks and allows attackers to interfere with an organization’s crucial services.
According to security researchers, an entity called the Iron Group is behind the creation of Xbash and is linked to other ransomware attacks as well. The malware was first spotted in May 2018, and four versions of Xbash have been found to date.
Since the code and timestamps differ across all the versions, the researchers believe this malware is still under development. This means the attackers are adding more lethal functionality to it or activating the intranet-targeting feature.
Whatever the case may be, one should regularly back up important files and take the usual security measures to avoid falling victim to such attacks.