Ransomware trend: attacks on Linux servers

In the first half of 2022, attacks on Linux-based systems increased by 75 percent compared to the same period last year. The experts at Trend Micro see this as a ransomware trend towards attacks on Linux servers.


Trend Micro is the global leader in cloud security, XDR and cybersecurity platform solutions. In its current security report, the “Trend Micro 2022 Midyear Cybersecurity Report”, the experts noted a 75 percent increase in ransomware attacks on Linux-based machines in the first half of 2022 compared to the first half of 2021, in addition to a general growth in ransomware attacks. They see this as a trend for the coming years.


Prediction: Linux systems will become more common targets in the future

The increase from 1,121 attacks on Linux systems in the first half of 2021 to 1,961 attacks in the first half of 2022 is just the beginning of a trend, according to Trend Micro. The company attributes this to the appearance of several tools built for attacking Linux systems. Overall, the market for cybercrime offered as a service is currently growing strongly.

Specifically, the IT security experts mention the LockBit Linux-ESXi Locker Version 1.0 tool announced by the LockBit ransomware group last year, as well as the already available RansomEXX for exploiting vulnerabilities in ESXi. In May of this year, security companies also discovered Cheerscrypt, another Linux-based ransomware that is designed to encrypt log files and other VMware files and can thus be used for extortion attempts.

According to Trend Micro, attacks on Linux servers often affect corporate systems, so the forecast trend also puts critical infrastructure at risk.


Particularly popular attack vectors

According to Trend Micro, attackers are particularly interested in zero-day vulnerabilities, i.e. known vulnerabilities in software or hardware for which there is no patch yet, and in critical bugs. The number of zero-day vulnerabilities has increased by 23 percent compared to the previous year, and the number of critical bugs has even quadrupled. According to Trend Micro, attackers like to use cloud tunneling to route malware traffic or host phishing websites.

Source: Trend Micro