Are individual (non-server) users of Linux distributions targets of ransomware attacks ?

[wpshooter]

Are individual (non-server) users of Linux distributions "possible" targets of ransomware attacks ?

Was reading these 2 articles and they mention Linux servers as being possible targets but as
far as I could see nothing was mentioned about individual (home) users of Linux.

https://www.zdnet.com/article/this-new- ... ue-attack/

https://www.forbes.com/sites/daveywinde ... e9804d3265

Are these ransomware attackers only interested in (and thus target) deep pocket organizations (with servers) or
is it possible for them to also target any MS$ and/or Linux machine that they thought they could
get some of that fake money out of no matter how little the amount might be ?

Thanks.

[t42]

Cyber-criminals are not a homogeneous group, there is no generic profile. Targets are defined by motivation (as diverse as greed, cyber-terrorism, narcissism, activism, need etc). Anyway, more likely targets are Financial Services, Power and Energy companies, big companies with more than 1000 employees. A Linux user is even not on the horizon.

[Larry78723]

The people behind these ransomware attacks are looking for large sums of money. They're hitting organizations with "deep pockets". I don't believe any individual needs to fear a ransomware attack, regardless of what OS they're using.

[ivar]

.. but the bad guys are continously probing for vulnerable systems/password.. I got a little nuc box with a service exposed (I know, bad idea) , installed Fail2Ban on it and it has now banned 90 IP's tried to authenticate more than 5 times since last night.

[Kev]

IMO it is deeply unlikely to trouble a normal Linux desktop user, unless doing something unwise. But if I were worried about that way of losing data then I'd also be worried about losing them by more likely means too; an appropriate regime of data backups (and if necessary, system backups) would cover many eventualities.

[Lady Fitzgerald]

While entities with deep pockets are the most likely targets, anyone can be taken in by spoofing emails that trick users into "inviting" in ramsomware hackers.

[absque fenestris]

While entities with deep pockets are the most likely targets, anyone can be taken in by spoofing emails that trick users into "inviting" in ramsomware hackers.

(HTML input - Very colorful with photos, text markup, selection fields, etc.)
You have just won a brand new iPhone 12 Pro Max!
Choose your finish:
Graphite Silver Gold Pacific Blue
Tick the desired finish and confirm by clicking on the link below...

(Text only input)
The same text blah blah but in a boring Monotype font and some boring empty boxes with remarks about withheld or unloaded content etc. - and with this undesign already the whole fuss is kind of ridiculous.

There is a lot to be said for not using HTML in email traffic ...

[DPM]

Generally, Linux attacks don't work like under Windows - mainly because downloaded files are different. Windows invites user based attacks by a number of Windows specific flaws:

• Files are executable by default just as per their file extension.
• The file extension is hidden by default.
• Executables can embed any custom icon they want, such as a PDF reader icon.

Linux is most prevalent on servers and on IoT (Internet of Things) devices. Both are routinely under attack. For servers, it's mostly on the application layer where attackers gain admin access, e.g. with web facing WordPress installations that have security holes because they use unmaintaned themes or plugins, or because they use dozens of plugins and create a large attack surface. IoT is a nightmare in itself because these devices are never updated - the 'S' in "IoT" is for "Security", as the saying goes.

So, yes, ransomware for Linux exists - but the key question is how to get a desktop user to execute that. Keep your installation up to date (in particular the browser), and install stuff only via the regular package manager.

[Lady Fitzgerald]

While entities with deep pockets are the most likely targets, anyone can be taken in by spoofing emails that trick users into "inviting" in ramsomware hackers.

(HTML input - Very colorful with photos, text markup, selection fields, etc.)
You have just won a brand new iPhone 12 Pro Max!
Choose your finish:
Graphite Silver Gold Pacific Blue
Tick the desired finish and confirm by clicking on the link below...

(Text only input)
The same text blah blah but in a boring Monotype font and some boring empty boxes with remarks about withheld or unloaded content etc. - and with this undesign already the whole fuss is kind of ridiculous.

There is a lot to be said for not using HTML in email traffic ...

Those are obvious scams. Spoofing refers to emulating a vendor, service provider, etc. via email, etc. to trick you into giving up personal data that can be used for identity theft, clearing out a bank account, hijacking a service, etc.