This dangerous Windows ransomware is now going after Linux networks too

Ransomware



(Image credit: Pixabay)

A new version of a dangerous Windows ransomware (opens in new tab) has been observed targeting Linux devices, cybersecurity researchers have revealed.

What’s even more concerning is that the threat actors have made “thoughtful choices” to make sure the Linux strain targets the right devices and the right vulnerabilities.

In a press release, cybersecurity researchers from SentinelLabs confirmed they had  seen a Linux version of IceFire ransomware for the first time. This variant has been dubbed iFire, and it targets a deserialization vulnerability in IBM Aspera Faspex file sharing software, tracked as CVE-2022-47986. 

Big game hunting

But this is not the only surprising development when it comes to IceFire. The researchers have also found the threat actor targeting businesses in the media and entertainment sectors in countries like Turkey, Iran, Pakistan, and the United Arab Emirates – countries “which are typically not a focus for organized ransomware actors.”

Instead, the threat actors considered IceFire a Windows-centric threat group going for “big-game hunting” – targeting large enterprises with double extortion tactics, using countless persistence mechanisms, and evading analysis by deleting log files. 

Compared to Windows, Linux is a more difficult operating system to infect with ransomware, the researchers added, also saying that this is particularly difficult to pull off at scale. 

“Many Linux systems are servers,” they say. “Typical infection vectors like phishing or drive-by download are less effective. To overcome this, actors turn to exploiting application vulnerabilities, as the IceFire operator demonstrated by deploying payloads through an IBM Aspera vulnerability.”

Still, despite the challenges, threat actors are increasingly looking to deploy ransomware to Linux devices, the reserachers conclude, saying that the evolution of IceFire is just another argument proving the case. The groundwork for Linux-targeting ransomware was laid in 2021, they said, but the trend accelerated in 2022 with BlackBasta, Hive, Qilin, ViceSociety, and others, started targeting the operating system, as well.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read More
Leigha Schroeder

Latest

The 10 Best Vikings Players | Our Writers Cast Ballots

Dec 21, 2025; East Rutherford, New Jersey, USA; Minnesota Vikings wide receiver Justin Jefferson (18) makes a catch against the New York Giants during the first half at MetLife Stadium. Mandatory Credit: Vincent Carchietta-Imagn Images Among Vikings players, WR1 Justin Jefferson remains unchallenged as the best football player in the Twin Cities. He alone is

Cowboys safety Jalen Thompson receives votes among league’s best at position

We are a stone’s throw away from training camp beginning, and this being the case, the normal happenings of professional football will be dominating our lives on a day-to-day basis soon enough. The last few months have been an exercise in holding our attention until the real thing can. One of the best ways to

Indiana lands 5-star football recruit: Monshun Sales — nation’s No. 1 WR — commits to Curt Cignetti

The Hoosiers' first-ever, five-star commitment comes on the heels of IU's national championship run Jul 17, 2026 at 2:56 pm ET • 1 min read Imagn Images Indiana football landed the highest-rated recruit in program history on Friday when five-star wide receiver Monshun Sales committed to the Hoosiers, beating out finalists Alabama, LSU, Ohio State

Pros and Cons of Notre Dame’s 2026 Football Schedule

If you've heard anything about Notre Dame's schedule this coming season, you're aware that it isn't exactly setting the world on fire in terms of difficulty. The first six games Notre Dame plays come against that failed to qualify for bowl games last year. While that doesn't guarantee a similiar outcome for all in 2026

Newsletter

Don't miss

The 10 Best Vikings Players | Our Writers Cast Ballots

Dec 21, 2025; East Rutherford, New Jersey, USA; Minnesota Vikings wide receiver Justin Jefferson (18) makes a catch against the New York Giants during the first half at MetLife Stadium. Mandatory Credit: Vincent Carchietta-Imagn Images Among Vikings players, WR1 Justin Jefferson remains unchallenged as the best football player in the Twin Cities. He alone is

Cowboys safety Jalen Thompson receives votes among league’s best at position

We are a stone’s throw away from training camp beginning, and this being the case, the normal happenings of professional football will be dominating our lives on a day-to-day basis soon enough. The last few months have been an exercise in holding our attention until the real thing can. One of the best ways to

Indiana lands 5-star football recruit: Monshun Sales — nation’s No. 1 WR — commits to Curt Cignetti

The Hoosiers' first-ever, five-star commitment comes on the heels of IU's national championship run Jul 17, 2026 at 2:56 pm ET • 1 min read Imagn Images Indiana football landed the highest-rated recruit in program history on Friday when five-star wide receiver Monshun Sales committed to the Hoosiers, beating out finalists Alabama, LSU, Ohio State

Pros and Cons of Notre Dame’s 2026 Football Schedule

If you've heard anything about Notre Dame's schedule this coming season, you're aware that it isn't exactly setting the world on fire in terms of difficulty. The first six games Notre Dame plays come against that failed to qualify for bowl games last year. While that doesn't guarantee a similiar outcome for all in 2026

2 Vikings Included in PFN’s Top 100 Players of 2026

Minnesota Vikings receiver Justin Jefferson smiles during NFC practice for the Pro Bowl Games at Camping World Stadium, showing a relaxed side as players prepare for the weekend showcase. On Feb. 1, 2025, Jefferson takes part in the lighthearted session while the conference’s top players work through drills before the annual competition in Orlando. Mandatory

Grey Business processes $61 million as stablecoins dominate payments

Grey Business enables startups and SMEs to open US Dollar (USD) corporate accounts, send and receive international payments, convert currencies, and transact using stablecoins such as USDC and USDT...

Utah Marketers to Host Free Business Networking Event in Layton on June 24

The custom web design company is hosting free monthly networking events for Northern Utah business leaders, with the next event scheduled for June 24 from 4 to 6 p.m. Utah Marketers is hosting a free local business networking event on June 24 from 4 to 6 p.m. at the company’s Layton office. The event is

WellnessVibe Announces Business DNA Workshop in Delhi and Mumbai, where Ancient Sound Wisdom Meets Modern Business Strategy

WellnessVibe has officially announced the launch of its transformative Business DNA Workshop on 7th June 2026 in Delhi and 20th June 2026 in Mumbai. (1888PressRelease) June 03, 2026 - Delhi/Mumbai, India - WellnessVibe has officially announced the launch of its transformative Business DNA Workshop on 7th June 2026 in Delhi and 20th June 2026 in