Malware called Ensiko can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. The malware can be password-protected to secure access and to avoid a takeover like the one Emotet suffered last week, when someone replaced the malware payloads with memes. Researchers at Trend Micro analyzed the malware and found that it uses the symmetric Rijndael-128 cipher in CBC mode to encrypt files. The malware also lets threat actors run brute-force attacks on FTP, cPanel, and Telnet, giving them extended access.
Source: https://www.bleepingcomputer.com/news/security/feature-rich-ensiko-malware-can-encrypt-targets-windows-macos-linux/

