Often overlooked by security experts, Linux systems become a more common target for cybercriminals. Aiming to get as much money as possible, hackers are expanding the digital attack surface beyond Windows operating systems.

Detections have increased by 75% in the last year as ransomware attacks are now heavily targeting Linux servers.

Linux systems are not only attractive to malicious actors – as they enable important IT infrastructure for businesses – but they are also an easier target, as cybersecurity teams tend to focus on the Windows networks instead in their fight against cybercrime.

How the Situation Looks Now

Researchers at Trend Micro note that “ransomware groups are increasingly tailoring their attacks to focus specifically on Linux systems.”

For example, LockBit, one of the most active and productive ransomware operations, now offers a variation that is designed especially for Linux systems.

Ransomware attackers are financially motivated and will readily follow new opportunities if they think that it can help them make more money – and it appears that encrypting Linux systems and demanding a payment for the key to unlock files and servers is becoming increasingly popular.


Researchers suggest that this trend is only going to be more and more popular as hackers are financially motivated to exploit any new opportunity.

And this can already be observed as ransomware gangs are not the only ones that turned their attention to Linux systems. The cryptocurrency-mining malware attacks on Linux devices also increased by 145% motivated by cybercriminals’ wish for more money.

What Can You Do to Protect Your Linux System

One way in for malicious actors into your Linux device are system vulnerabilities.

According to the report, these flaws include CVE-2022-0847 – also known as Dirty Pipe – a bug that affects the Linux kernel from versions 5.8 and up, which attackers can use to escalate their privileges and run code. Researchers warn that this bug is “relatively easy to exploit”.


The basic thing you can do for protecting your network and your data is to apply all the security patches as soon as possible to keep eventual malware away.

An extra layer of defense can be added by multi-factor authentication. The 2F authentication is most efficient if it’s used throughout the whole network.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Authentication vs. Authorization: the Difference Explained

Why You Should Start Using Two-Factor Authentication Now

Ransomware Explained. What It Is and How It Works

Leave a Reply

Your email address will not be published. Required fields are marked *