The Xbash malware family is associated with the Iron Group, which is known for several ransomware attacks.
Xbash has been reported to spread between servers using a combination of exploitable vulnerabilities and brute-force attacks. Unlike other ransomware, it comes with data-destruction features enabled by default and has no recovery mode, making file recovery virtually impossible.
In addition, Xbash's botnet and ransomware elements target Linux servers. They exploit unprotected and vulnerable services that are not yet registered, immediately delete MySQL, PostgreSQL, and MongoDB databases, and demand a Bitcoin payment to supposedly restore the data.
Xbash also has the ability to spread just like Petya/NotPetya and WannaCry.
Xbash also comes with crawling, compression, conversion, and encryption capabilities, all aimed at concealing its malicious behavior so that antivirus software cannot detect it.
Unit 42 has already found 48 incoming transactions to the wallets encoded in Xbash, totaling $6000, which means the new malware family is already active and collecting payments from its victims.
To protect yourself, use strong passwords, always install security updates for the operating system, back up as often as possible, and limit access to unknown remote servers.