Does IceFire Ransomware Portend a Broader Shift From Windows to Linux?

An anonymous reader shares this report from Dark Reading:

In recent weeks, hackers have been deploying the 'IceFire' ransomware against Linux enterprise networks, a noted shift for what was once a Windows-only malware.

A report from SentinelOne suggests that this may represent a budding trend. Ransomware actors have been targeting Linux systems more than ever in cyberattacks in recent weeks and months, notable not least because 'in comparison to Windows, Linux is more difficult to deploy ransomware against, particularly at scale,' Alex Delamotte, security researcher at SentinelOne, tells Dark Reading....

'[M]any Linux systems are servers,' Delamotte points out, 'so typical infection vectors like phishing or drive-by download are less effective.' So instead, recent IceFire attacks have exploited CVE-2022-47986 — a critical remote code execution (RCE) vulnerability in the IBM Aspera data transfer service, with a CVSS rating of 9.8.
Delamotte posits a few reasons for why more ransomware actors are choosing Linux as of late. For one thing, she says, 'Linux-based systems are frequently utilized in enterprise settings to perform crucial tasks such as hosting databases, Web servers, and other mission-critical applications. Consequently, these systems are often more valuable targets for ransomware actors due to the possibility of a larger payout resulting from a successful attack, compared to a typical Windows user.'

A second factor, she guesses, 'is that some ransomware actors may perceive Linux as an unexploited market that could yield a higher return on investment.'
While previous reports had IceFire targetting tech companies, SentinelLabs says they've seen recent attacks against organizations 'in the media and entertainment sector,' impacting victims 'in Turkey, Iran, Pakistan, and the United Arab Emirates, which are typically not a focus for organized ransomware actors.'

Read more of this story at Slashdot.