Ransomware has predominantly been a threat to Windows systems. Linux systems, however, have become attractive to cybercriminals, and this trend is expected to continue. This endangers IoT ecosystems, since many IoT systems are based on Linux (e.g. cloud infrastructure and gateways). This paper investigates how currently employed forensic techniques can be applied to Linux ransomware, and evaluates both its maturity and its impact on the affected system. While Windows-based ransomware predominantly uses RSA and AES for key management, a variety of approaches were identified for Linux. Cybercriminals appear to be deliberately moving away from RSA and AES in order to make live forensic investigations more difficult. Linux ransomware is developed for a predefined goal and does not exploit its full potential for damage. It appears to be at an early stage and is expected to reach a potential similar to that of Windows-based malware. The results provide a solid basic understanding from which to discuss and assess the implications for the IoT industry at this early stage of development.