SentinelOne VS IceFire Ransomware (Linux) – Detection and Response

IceFire Ransomware was first observed in August 2022.
IceFire is a multi-pronged extortion threat. The attackers exfiltrate all enticing data prior to encrypting devices. Victims are then extorted into paying the ransom to prevent leakage and decrypt their data.

In recent weeks SentinelLabs observed novel Linux versions of IceFire ransomware being deployed within the enterprise network intrusions of several media and entertainment sector organizations worldwide.

Currently observations indicate the attackers deployed the ransomware by exploiting CVE-2022-47986, a deserialization vulnerability in IBM Aspera Faspex file sharing software.

The operators of the IceFire malware, who previously focused only on targeting Windows, have now expanded their focus to include Linux. This strategic shift is a significant move that aligns them with other ransomware groups who also target Linux systems.

Ref – https://www.sentinelone.com/labs/icefire-ransomware-returns-now-targeting-linux-enterprise-networks/