BASH RANSOMWARE DARKRADIATION TARGETS RED HAT- AND DEBIAN-BASED LINUX DISTRIBUTIONS
A recently discovered Bash ransomware is notable in several ways. Investigation found that the attack chain is fully implemented as a Bash script, although the scripts appear to still be under development.
Most components of this attack target Red Hat and CentOS Linux distributions; however, some scripts also include Debian-based Linux distributions.
The worm and ransomware scripts also use the API of the messaging application Telegram for command-and-control (C&C) communication. Most components of this attack were found to have very low detection numbers in VirusTotal.
The hack tools URL with the ransomware information was initially reported by Twitter user @r3dbU7z.
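Because the scripts talk to Telegram for C&C and have low antivirus detection, a content check for the Telegram Bot API endpoint form (`https://api.telegram.org/bot<token>/<method>`) in shell scripts found on a host is one way to surface them. The following is an added example, not part of the original alert and not code from the malware; the function names and the sample script are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Telegram Bot API calls look like https://api.telegram.org/bot<token>/<method>.
# The token may be a literal (digits:secret) or a shell variable ($TOKEN / ${TOKEN}).
BOT_API = re.compile(
    r"api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]+|\$\{?\w+\}?)/(?P<method>[A-Za-z]+)",
    re.IGNORECASE,
)
FETCHER = re.compile(r"\b(curl|wget)\b")

@dataclass
class Hit:
    line_no: int
    method: str
    token: str         # redacted so the finding can be shared safely
    via_fetcher: bool  # True when the same line invokes curl or wget

def redact(token: str) -> str:
    """Keep the bot id (before ':') and hide the secret part of a literal token."""
    if token.startswith("$"):
        return token   # variable reference, nothing secret to hide
    bot_id, _, _ = token.partition(":")
    return f"{bot_id}:<redacted>"

def scan_script(text: str) -> list[Hit]:
    hits = []
    for no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue   # whole-line comments are not executed
        for m in BOT_API.finditer(line):
            hits.append(Hit(no, m.group("method"), redact(m.group("token")),
                            bool(FETCHER.search(line))))
    return hits

# Constructed sample script, not taken from the malware described in this alert.
SAMPLE = '''#!/bin/bash
# notify via https://api.telegram.org/bot1:abc/sendMessage
TOKEN="0000000000:CONSTRUCTED_placeholder-token"
curl -s "https://api.telegram.org/bot${TOKEN}/sendMessage" -d chat_id=0 -d text=test
wget -qO- "https://api.telegram.org/bot0000000000:CONSTRUCTED_placeholder-token/getUpdates"
echo done
'''

if __name__ == "__main__":
    for hit in scan_script(SAMPLE):
        print(hit)
```

On servers that have no business reason to reach Telegram, any hit with `via_fetcher` set is worth triage; pairing this with an egress alert on `api.telegram.org` covers scripts that assemble the URL at run time.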
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
TLP-White: Disclosure is Not Limited.
TLP-Green: Limited Disclosure, Restricted Only to the Community.
TLP-Amber: Limited Disclosure, Restricted to the Participant's Organization.
TLP-Red: Not for Disclosure, Restricted/Classified - Only Shared with US DHS.