IceFire Ransomware Now Encrypts Both Linux and Windows Systems

This new encryptor demonstrates the shift of many threat actors toward targeting Linux systems. Organizations need to pivot accordingly and make sure that their Linux devices are adequately covered by behavioral as well as signature-based detections. One way to do this is to look for a large number of file renames in quick succession, although this detection fires at the end of the kill chain. Overall, a defense-in-depth strategy for Linux devices is the best way to make sure all parts of the kill chain are covered on these systems.

Additionally, this campaign demonstrates the need for adequate threat intelligence as well as a quick patching schedule. Because this campaign exploits a vulnerability that was only just discovered in January and patched at the end of February, organizations need to make sure that their intel team is aware of this information and can relay it to the team that performs patching. Likewise, it is important to get the necessary updates pushed in a timely manner.
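The rename-burst detection mentioned above can be sketched as a per-process sliding window over file-rename events. This is an added example, not taken from the source article: the one-line event format, the process names, the `.locked` suffix, and the window and threshold values are all constructed assumptions, and in practice the events would come from whatever file-activity telemetry the Linux hosts already produce.

```python
from collections import defaultdict, deque
from pathlib import PurePosixPath

WINDOW_SECONDS = 10   # assumed tuning value
THRESHOLD = 5         # assumed: renames by one process inside the window

# Constructed sample events: "<epoch> <pid> <comm> <old_path> <new_path>"
SAMPLE_EVENTS = """\
1000.0 411 logrotate /var/log/app.log /var/log/app.log.1
1000.2 902 demo-enc /srv/data/a.doc /srv/data/a.doc.locked
1000.4 902 demo-enc /srv/data/b.xls /srv/data/b.xls.locked
1000.9 500 backup /home/u/1.tmp /home/u/1.bak
1001.1 902 demo-enc /srv/data/c.pdf /srv/data/c.pdf.locked
1001.5 902 demo-enc /srv/data/d.sql /srv/data/d.sql.locked
1002.0 902 demo-enc /srv/data/e.txt /srv/data/e.txt.locked
1002.3 902 demo-enc /srv/data/f.csv /srv/data/f.csv.locked
1015.0 500 backup /home/u/2.tmp /home/u/2.bak
1030.0 500 backup /home/u/3.tmp /home/u/3.bak
1045.0 500 backup /home/u/4.tmp /home/u/4.bak
1060.0 500 backup /home/u/5.tmp /home/u/5.bak
"""

def detect_rename_bursts(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Alert once per PID that performs >= threshold renames within window seconds.

    Events must arrive in time order. Paths containing spaces are not
    handled by this simplified, constructed format.
    """
    recent = defaultdict(deque)   # pid -> (timestamp, new-file suffix) in window
    alerted, alerts = set(), []
    for line in lines:
        if not line.strip():
            continue
        ts, pid, comm, _old, new = line.split()
        ts, pid = float(ts), int(pid)
        q = recent[pid]
        q.append((ts, PurePosixPath(new).suffix))
        while ts - q[0][0] > window:      # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and pid not in alerted:
            alerted.add(pid)
            suffixes = {s for _, s in q}
            # One shared new suffix across the burst raises confidence.
            uniform = next(iter(suffixes)) if len(suffixes) == 1 else None
            alerts.append({"pid": pid, "comm": comm, "count": len(q),
                           "alert_at": ts, "uniform_suffix": uniform})
    return alerts

if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The slow `backup` process performs as many renames as the threshold but never inside one window, so only the burst is flagged; tuning the window and threshold against normal activity such as log rotation and backups keeps the false-positive rate manageable.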

Source: https://www.bleepingcomputer.com/news/security/icefire-ransomware-now-encrypts-both-linux-and-windows-systems/