Erebus Malware


Environment

Linux Server and Desktop Environments

Issue

Erebus malware is Linux-based ransomware that attacks systems and encrypts files, holding them for ransom. Users are then told to make Bitcoin payments in exchange for the decryption keys needed to regain access to their data.

Additional information on this malware can be found at Trend Micro:
Erebus Linux Ransomware: Impact to Servers and Countermeasures, and
Erebus Resurfaces as Linux Ransomware

Resolution

It is important to keep all servers and workstations up to date with all security patches and to maintain backups of all data. If a system is infected, reinstalling the software and restoring the data from backup may be the simplest resolution.
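Because restoring from backup is the recommended recovery path, a backup is only useful if it can be shown not to have been encrypted or altered itself. The following shell script is an added example, not part of the Red Hat solution or of any Red Hat tooling: it records a SHA-256 manifest of a backup tree and later verifies the tree against it, so a backup that was silently encrypted or had files removed is detected before it is relied on for a restore. The directory and file names used in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Red Hat article): build and verify a SHA-256
# manifest of a backup tree. The manifest must be stored outside the tree it
# describes, ideally on write-protected or offline media, so that ransomware
# which reaches the backup cannot rewrite the manifest as well.
set -eu

# make_manifest DIR MANIFEST
# Record the SHA-256 of every regular file under DIR, paths relative to DIR,
# in a stable (sorted) order so two manifests can be diffed.
make_manifest() {
    dir=$1
    manifest=$2
    ( cd "$dir" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$manifest"
}

# verify_manifest DIR MANIFEST
# Re-hash DIR and compare against MANIFEST. Only mismatching or missing files
# are printed; the exit status is non-zero if any file failed, which is the
# signal to treat this backup as untrustworthy.
verify_manifest() {
    dir=$1
    manifest=$2
    ( cd "$dir" && sha256sum --quiet -c "$manifest" )
}

# demo: create a small constructed backup tree, verify it, then simulate what a
# ransomware infection of the backup would look like and verify again.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/backup/etc"
    printf 'hello\n' > "$work/backup/notes.txt"
    printf 'key=value\n' > "$work/backup/etc/app.conf"

    make_manifest "$work/backup" "$work/backup.sha256"
    echo "manifest entries: $(wc -l < "$work/backup.sha256")"

    if verify_manifest "$work/backup" "$work/backup.sha256"; then
        echo "clean backup: verification passed"
    fi

    # Simulate encryption of one file and deletion of another.
    printf 'CIPHERTEXT' > "$work/backup/notes.txt"
    rm "$work/backup/etc/app.conf"

    if verify_manifest "$work/backup" "$work/backup.sha256"; then
        echo "unexpected: tampered backup passed"
    else
        echo "tampered backup: verification failed, do not restore from it"
    fi
    rm -rf "$work"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Run the script with the argument demo to see both the clean and the tampered case. In practice, make_manifest is run as the last step of each backup job, and verify_manifest is run against the stored manifest both on a schedule and before any restore.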

Root Cause

It is thought that infections with the Erebus malware are caused by malicious ads on websites. Once a system is infected, the malware bypasses user access controls (UAC) and begins to encrypt files with certain suffixes. For the known infections of servers, however, the exact means by which the malware propagates is unknown.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.