Researchers detected a ransomware family dubbed Cylance that affects both Windows and Linux systems.
Before starting the encryption process, the ransomware performs several preparatory tasks, such as enabling several privileges, creating a scheduled task for persistence, and dropping the ransom note in every folder.
Encryption is carried out using the Salsa20 (Windows) or ChaCha (Linux) stream ciphers.
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
Disclosure is Not Limited.
Limited Disclosure, Restricted Only to the Community.
Limited Disclosure, restricted to the Participant's Organization.
Not for Disclosure, Restricted/Classified - Only Shared with US DHS.