Ransomware is frequently reported in healthcare data breach situations. That may change as it has been discovered that thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked or Lilu. The Lilocked ransomware appears to target Linux-based systems only. ZD Net brought this topic to our attention in their article, “Thousands of servers infected with new Lilocked (Lilu) ransomware.”

Infections have been happening since mid-July, and have intensified in the past few weeks. Even more disconcerting, the way Lilocked ransomware breaches servers and encrypts their content is currently unknown.

Despite the very nice and helpful message you get from the thief, this is a serious situation. Lilocked doesn’t encrypt system files, but only a small subset of file extensions, such as HTML, SHTML, JS, CSS, PHP, INI, and various image file formats. This means infected servers continue to run normally. It is believed that Lilocked has encrypted more than 6,700 servers, many of which have been indexed and cached in Google search results.

Melody K. Smith

Sponsored by Data Harmony, a unit of Access Innovations, the world leader in indexing and making content findable.