A novel Linux version of the IceFire ransomware that exploits a vulnerability in IBM's Aspera Faspex file-sharing software has been identified by SentinelLabs, the research division of cybersecurity company SentinelOne. The exploit targets CVE-2022-47986, a recently patched Aspera Faspex vulnerability.
Previously known to target only Windows systems, the IceFire sample detected by SentinelLabs appends an iFire extension to the files it encrypts, consistent with a February report from MalwareHunterTeam, a group of independent cybersecurity researchers who analyze and track threats, that IceFire is shifting its focus to Linux enterprise systems.
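The renamed-file extension is the one artifact the report above gives a responder to look for on a Linux host. The following is an added triage script, not code from the article or from SentinelLabs: it walks a directory tree, collects files carrying the IceFire extension, and ranks directories by how many encrypted files they hold so the most affected shares surface first. The exact casing of the extension on disk is an assumption here, so matching is case-insensitive, and the sample tree it scans is constructed inline for the example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the report says IceFire appends to encrypted files. The casing on disk
# is an assumption in this example, so comparisons are done case-insensitively.
IFIRE_EXT = ".ifire"


def find_ifire_files(root):
    """Walk `root` and return sorted paths of files whose name ends in the IceFire extension."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(IFIRE_EXT):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def summarize_by_directory(paths):
    """Count affected files per directory, most affected first, to prioritise containment."""
    counts = Counter(os.path.dirname(p) for p in paths)
    return counts.most_common()


def make_sample_tree(base):
    """Constructed sample data (not from the report): a small tree with three renamed files."""
    base = Path(base)
    (base / "var" / "www").mkdir(parents=True)
    (base / "home" / "user").mkdir(parents=True)
    (base / "var" / "www" / "index.html.iFire").write_bytes(b"\x00" * 16)
    (base / "var" / "www" / "app.js.iFire").write_bytes(b"\x00" * 16)
    (base / "home" / "user" / "notes.txt").write_text("untouched")
    (base / "home" / "user" / "report.pdf.iFire").write_bytes(b"\x00" * 16)
    return str(base)


def scan_sample():
    """Build the constructed tree in a temp dir, scan it, and return (hit_count, per-dir summary)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = make_sample_tree(tmp)
        hits = find_ifire_files(root)
        summary = [(os.path.relpath(d, root), n) for d, n in summarize_by_directory(hits)]
        return len(hits), summary


if __name__ == "__main__":
    total, summary = scan_sample()
    print(f"{total} encrypted files found")
    for directory, n in summary:
        print(f"{n:4d}  {directory}")
```

Run it against a real mount point with `find_ifire_files("/srv")` rather than the sample tree; because it only reads directory listings it is safe to run on a host you are still preserving for forensics.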
Contrary to past behavior targeting technology companies, the Linux variant of IceFire was observed attacking media and entertainment companies.
The attackers' tactics are consistent with those of the "big-game hunting" (BGH) ransomware families: double extortion, attacks against large enterprises, the use of numerous persistence mechanisms, and evasion tactics such as deleting log files, according to the SentinelLabs report. In double extortion, attackers exfiltrate data before encrypting it and then threaten to publish the stolen data unless the ransom is paid, so even a victim that can restore from backups is still pressured to pay.