BiBi-Linux wiper permanently destroys data of Israeli organizations

Carding 4 Carders

Professional
The consequences of the attack include terabytes of erased data and hundreds of damaged devices.

Researchers at Security Joes discovered new malicious code targeting Linux systems inside Israeli organizations. The malware, dubbed "BiBi-Linux", is used to destroy data completely as part of destructive attacks. The researchers identified it while investigating a network breach at an Israeli company.

Although it imitates a ransomware encryption process, a distinctive feature of this malware is the absence of any ransom demand or contact details for the attackers. It simply destroys all data with no possibility of recovery: files are corrupted by overwriting them with useless data, which damages both the data itself and the operating system.

The executable found on the victim's systems ("bibi-linux.out") lets the attackers choose the target folders via command-line parameters.

When run with root privileges and no target path specified, the malware attempts to wipe the entire root directory "/", which completely destroys the device's operating system.

BiBi-Linux is multithreaded and uses a queuing system to improve speed and efficiency. It destroys files by overwriting their contents, renames them, and appends an extension consisting of the string "BiBi" followed by a number; the researchers noted that this number indicates the number of overwrite passes.

The sample the researchers found contains no obfuscation, packing, or other protective measures, which greatly simplifies analysis. This suggests the attackers do not care whether their tools are captured and analyzed; their main goal is apparently to maximize the impact of the attack.

Wipers pose a serious threat to critical infrastructure and are often used in cyber warfare to cause maximum damage to the adversary.

As the case of BiBi-Linux shows, such malware can destroy data completely and irrecoverably. To counter these threats, organizations should implement comprehensive security measures: intrusion detection and prevention, regular backups with tested restores, cybersecurity training for employees, file integrity monitoring, and privilege separation policies that restrict user access (in particular, keeping root privileges away from the accounts and services an intruder is likely to reach first, since the wiper only becomes OS-destroying when it runs as root).
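The two things the post gives a defender to work with are the rename scheme (a ".BiBi" suffix plus a pass count) and the advice to run file integrity monitoring. The following script is an added example written for this page; it is not Security Joes' tooling or the malware itself. It builds a SHA-256 baseline of a directory tree, then re-scans it and reports files that carry the reported suffix, files whose content changed, and baseline files that have disappeared. The file layout, the contents, and the assumption that the suffix is appended to the original file name are all constructed for the demonstration; the wiper's effects are mimicked on a throwaway temporary directory only.

```python
"""Added example: baseline-and-scan detector for BiBi-Linux style wiper artefacts.

Not the original page's code and not the malware. The sample tree below is constructed.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Extension format reported for BiBi-Linux: the string "BiBi" followed by a number
# that the researchers read as the count of overwrite passes, e.g. "notes.txt.BiBi1".
# Assumption for this example: the suffix is appended to the original file name.
BIBI_SUFFIX = re.compile(r"\.BiBi(\d+)$")


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to be read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def scan(root: Path, baseline: dict) -> dict:
    """Compare the tree against the baseline and flag wiper-style artefacts.

    renamed  : files carrying the BiBi<N> suffix, with N (the reported pass count)
    modified : baseline files whose content hash no longer matches
    missing  : baseline files that are no longer present under their original name
    """
    renamed, modified, seen = [], [], set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        m = BIBI_SUFFIX.search(p.name)
        if m:
            renamed.append((rel, int(m.group(1))))
            continue
        if rel in baseline and sha256_of(p) != baseline[rel]:
            modified.append(rel)
    missing = sorted(set(baseline) - seen)
    return {"renamed": renamed, "modified": modified, "missing": missing}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then mimic the wiper's effects on it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "notes.txt").write_bytes(b"quarterly figures\n")
        (root / "docs" / "plan.md").write_bytes(b"# plan\n")
        (root / "untouched.cfg").write_bytes(b"key=value\n")
        baseline = build_baseline(root)

        # Mimic what the post describes, on our own temporary files only:
        # one file overwritten with random bytes and renamed with the BiBi<N> suffix ...
        victim = root / "docs" / "notes.txt"
        victim.write_bytes(os.urandom(len(b"quarterly figures\n")))
        victim.rename(root / "docs" / "notes.txt.BiBi1")
        # ... and one overwritten in place but not (yet) renamed.
        (root / "docs" / "plan.md").write_bytes(os.urandom(7))
        return scan(root, baseline)


if __name__ == "__main__":
    for kind, items in demo().items():
        print(f"{kind}: {items}")
```

In practice the baseline would be taken on a known-good system, stored off-host (a wiper with root will happily overwrite the manifest too), and the scan scheduled or triggered by inotify events. The renamed file also shows up under `missing` because its original name is gone; both findings together are a stronger signal than either alone, and a burst of `modified` entries from a multithreaded process is exactly the pattern a queue-driven wiper produces.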

Only a combination of technical and organizational measures, as part of a comprehensive approach to defending against targeted attacks, can minimize the damage from wipers.