"Cylance" ransomware (no relation to Cylance).
Apr 3, 2023

New ransomware targets Windows and Linux systems.

Palo Alto Networks’ Unit 42 late last week spotted a new strain of ransomware that’s calling itself “Cylance” (with no relation to the security firm).

Ransomware compromises several victims.

The malware is targeting Windows and Linux systems. The ransom note instructs victims to email the attackers to begin negotiations. The ransom note states, in part: 

“All your files are encrypted, and currently unusable, but you need to follow our instructions. Otherwise, you can’t return your data (never. It’s just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will cooperate with us. It’s not in our interests.”

“To check the ability of returning files, we decrypt one file for free. That is our guarantee. If you will not cooperate with our service – for us, it does not matter. But you will lose time and data, cause just we have the private key. time is more valuable than money.”

HackRead reports that the ransomware has already compromised several victims.

Industry comment on "Cylance" ransomware.

Jon Miller, CEO and co-founder of Halcyon, views the emergence of this ransomware as part of a trend in which attackers are going after Linux systems:

"The emergence of yet another ransomware strain is not surprising. Ransomware operations will continue to come and go, but the imminent threat of ransomware will persist. While this new variant has a catchy name that mirrors a security product, it's just a branding ploy by the developers that does not have any real significance. What is interesting though is that this strain emerged with both Windows and Linux versions. While more groups have been developing Linux versions recently, not much attention has been paid to what this trend means for the ransomware threat landscape.

"Groups like LockBit, IceFire, Black Basta, and Cl0p all have developed Linux targeting capabilities, which makes the likelihood of a really widespread, disruptive ransomware attack in the near future something to be concerned about. While Linux has a much smaller footprint than Windows systems overall, Linux arguably runs the most important systems, including the vast majority of web servers, a good chunk of embedded and IoT devices used in manufacturing and energy, almost every smartphone and supercomputer, almost all of the US government and military systems, and pretty much all of the critical backbone systems in any large network."