Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions

Security Alert
Published June 17, 2021

A recently discovered Bash ransomware piqued our interest in multiple ways. Upon investigating, Trend Micro found that the attack chain is fully implemented as a bash script, but it also seems that the scripts are still under development. Most components of this attack mainly target Red Hat and CentOS Linux distributions; however, in some scripts Debian-based Linux distributions are included as well. The worm and ransomware scripts also use the API of the messaging application Telegram for command-and-control (C&C) communication. Trend Micro also found that most components of this attack have very low detection numbers in Virus Total. The hack tools URL with the ransomware information was initially reported by Twitter user @r3dbU7z.


T1027 – Obfuscated Files or InformationT1014 – RootkitT1490 – Inhibit System RecoveryT1030 – Data Transfer Size LimitsT1110 – Brute ForceT1136.001 – Local AccountT1003.008 – /etc/passwd and /etc/shadowT1059 – Command and Scripting InterpreterT1573 – Encrypted Channel

Related Content

Ready to Simplify IT Management?

We will work with you to create a plan that meets your business needs, while helping you get more from your technology, with less work, and less worry about making it all run right.