IceFire ransomware now encrypts both Linux and Windows systems
IceFire ransomware now encrypts both Linux and Windows systems. Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor. The attackers exploit a deserialization vulnerability in the IBM Aspera Faspex file-sharing software (tracked as CVE-2022-47986) to hack into targets' vulnerable systems and deploy their ransomware payloads. Once inside their networks, the attackers deploy their new malware variant to encrypt the victims' Linux systems. When executed, IceFire ransomware encrypts files, appends the '.ifire' extension to the filename, and then covers its tracks by deleting itself and removing the binary. It is important to note that IceFire doesn't encrypt all files on Linux, strategically avoiding certain paths to prevent a complete system shutdown. CVEs: CVE-2022-47986 Malware: IceFire [View Article](https://www.bleepingcomputer.com/news/security/icefire-ransomware-now-encrypts-both-linux-and-windows-systems/)