Linux and FreeBSD are being targeted by the latest version of Hive ransomware.
Hive ransomware was first observed in June 2021, with the FBI warning about it in late August. Initially, the ransomware targeted Windows only, but its creators are looking to expand that.
According to security firm ESET, the hackers behind Hive have been working on Linux and FreeBSD versions.
#ESETresearch has identified Linux and FreeBSD variants of the #Hive #Ransomware. Just like the Windows version, these variants are written in #Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate. 1/6 pic.twitter.com/dBw0E5pj6r
— ESET Research (@ESETresearch) October 29, 2021
For the time being, the Linux and FreeBSD versions are not very effective: unless the ransomware is run with root privileges, it fails to trigger encryption.
The malware also tries to write the ransom note and key information file to the filesystem root, so unless executed with root privileges, it fails and the encryption is not even triggered. These facts lead us to believe that the Linux variant is still in development phase. 5/6 pic.twitter.com/tuwQKJpFml
— ESET Research (@ESETresearch) October 29, 2021
While it’s good news that the Linux and FreeBSD versions of Hive don’t work effectively yet, “yet” is the operative word. It’s likely only a matter of time until the bugs are worked out, opening the Linux and FreeBSD communities to attack.