RansomExx has been getting a lot of attention this week due to their ongoing attacks against Brazil’s government networks. Kaspersky researchers say the Linux version is a no-frills ransomware. It does not contain any code to terminate processes, does not wipe free space, and does not communicate with a command and control server. Embedded in the Linux executable are a public RSA-4096 encryption key, the ransom note, and an extension named after the customer that will be appended to encrypted files.
Source: https://www.bleepingcomputer.com/news/security/ransomexx-ransomware-also-encrypts-linux-systems/