The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware README note (see Figure 1). The DarkAngels ransomware was first seen this year during the month of May, in which its variants targeted Windows systems. The ELF file we found itself is new, but the Onion link found in the ransomware binary appears to be down, indicating that this new Linux-targeted ransomware might still be under development.
