Editorials and informational articles

Erebus Malware – web Hosting Provider paid 1 million dollars to ransomware attacker

The South Korean web hosting provider Nayana agreed to pay the 1 million dollars ransomware in Bitcoin, after 153 Linux servers were infected with Erebus malware on the 10th of June.

After the attack, over 3400 business websites the company hosted were encrypted. According to the initial Nayana’s announcement, the attacker has requested 550 Bitcoins (1,62 million dollars). After the company negociated with the attacker, the ransomware demanded was 397.6 Bitcoins (around 1 million dollars).

As Trend Micro reveals, the ransomware used in this attack was Erebus. Erebus is a piece of malware that was initially spotted in September 2016 on Windows operating systems. Looks like someone has ported the ransomware to Linux. The ransomware is used to target vulnerable servers.

Nayana’s website was running on Linux kernel, a kernel compiled back in 2008. Additionally, Nayana’s website uses Apache version 1.3.36 and PHP version 5.1.4, both of wich were released back in 2006. Samples of the ransomware were submitted to VirusTotal also from Ukraine and Romania.

Details about Erebus Malware

The malware uses the RSA algorithm to encrypt AES keys and each infected file is encrypted with a unique AES key. However, the RSA-2048 public key is shared. The ransomware targets Office documents, databases, archives and multimedia files, being able to encrypt a total of 433 file types. But the malware was build specifically to target and encrypt web servers and data stored in them.

erebus malware - ransomware note

So, the only safe way of dealing with ransomware attacks is prevention. As we have previously recommended, the best defense against Ransomware is to create awareness within the organizations, as well as to maintain back-ups that are rotated regularly.

Most viruses are introduced by opening infected attachments or clicking on links to malware usually in spam emails. So, DO NOT CLICK on links provided in emails and attachments from unknown sources.


Anbox permits the users to run Android apps on Linux systems

Marius GripsgÄrd has released Anbox, a project that permits the users to install and use Android applications on Linux systems.

Due to the fact that the Anbox packages are available as snaps, the universal package format created by Canonical, the application can be installed on a lot of GNU/Linux operating systems. The application uses the LXC containers to permit the installation of Android apps, isolating the mobile software by using Linux namespaces. Inside the containers, all the needed Android relevant parts are installed, but they cannot access the hardware or the user data. For the applications that need OpenGL, the project borrows some parts of the official Android emulator implementation.

Also, Anbox includes integration of all Android apps in the installed desktop environments, making them behave like regular system apps. The developer will implement Anbox on the Ubuntu Phones, to permit the installation of Android apps. The first Ubuntu phone to receive Anbox support will be the OnePlus One.

Unfortunately, Anbox is still in its early development stages so the apps may suddenly crash or become unresponsive.

As a reminder, Canonical has decided to drop the Ubuntu Touch and Unity support and to switch over to the GNOME desktop environment starting with Ubuntu 18.04. After that, the guys from UBports have adopted the development of Ubuntu Touch, in order to provide support for the phones that come with Ubuntu pre-installed.

For more information, see this article from Also, watch the below video to make a better opinion about it.

Linux distributions News

Alpine Linux 3.5.2 (security-oriented Linux distribution) has been released

Alpine Linux is a free, open-source security oriented GNU/Linux distribution that is based on BusyBox and musl libc. It uses its own package manager called apk-tools and can be installed as a run-from-RAM distribution. It is very helpful for x86 routers, firewalls, VPNs, VoIP boxes and servers.

Recently, Alpine Linux 3.5.2 has been released, shifting to Linux Kernel 4.4.52 and updating main components: PHP 7.0.16, lighttpd 1.4.45, Chromium 56.0.2924.76, PostgreSQL 9.6.2, nginx 1.10.3, ZoneMinder 1.30.2 and RackTables 0.20.12, OpenSSL 1.0.2k, Zabbix 3.2.4, ownCloud 9.1.4, Borg Backup 1.0.9, GNU Screen 4.5.1, Mozilla Firefox 45.7.0 ESR, Ansible, Salt 2016.11.2, WavPack 5.1.0, Wireshark 2.2.4, Postfix Admin 3.0.2, BIND 9.10.4-P6, Vim 8.0.0329, FFmpeg 3.1.7 and WebKit2GTK+ 2.14.5.

From the official changelog:

“The Alpine Linux project is pleased to announce the immediate availability of version 3.5.2 of its Alpine Linux operating system. This is a bugfix release of the v3.5 musl based branch, based on linux-4.4.52 kernels and it contains bugfixes. The full lists of changes can be found in the git log and bug tracker,”

Alpine Linux 3.5.2 is available in different versions:

  • Mini root filesystem – usable in containers
  • Standard
  • Vanilla – includes a vanilla (untouched) kernel
  • Extended – with most packages included
  • Virtual – standard, but optimized for virtualization
  • Xen – includes build-in support for Xen Hypervisor
  • Raspberry Pi – includes Raspberry Pi Kernel
  • Generic ARM – includes ARM kernel

If you already have Alpine Linux installed, you can upgrade it to its newest version by installing the packages from the official repositories. If you are new to it and want to give it a test drive, download the version you want from the official website.