Getting cryptographic implementations right is hard. A group of malware creators is currently experiencing that hard truth, to the amusement of security researchers.
For the past several months, a group of cybercriminals have been infecting Linux systems — primarily Web servers — with a file-encrypting ransomware program that the security industry has dubbed Linux.Encoder.
This development is worrying, because Web server infections don’t require user interaction as on desktop computers where getting users to open rogue email attachments or visit malicious websites are common attack vectors. Instead, the hackers use automated scanners to find servers that host vulnerable applications or have weak SSH passwords they can guess using brute-force methods.