Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
2021-07-01 20:56

"REvil ransomware authors have expanded their arsenal to include Linux ransomware, which allows them to target ESXi and NAS devices," Caspi wrote.

In a nod to research by AdvIntel in early May 2021, which reported REvil's intent to port its Windows-based ransomware to Linux, Caspi confirmed the Linux variant was spotted in May "affecting *nix systems and ESXi."

What makes Alien Labs' discovery of the Linux REvil variant unique is that Linux, Unix and other Unix-like operating systems are not typically targeted by adversaries.

In November, Kaspersky identified a Linux sample of RansomEXX. Researchers noted that criminals based its Linux variant on "WinAPI" and used a similar mechanism to manipulate targeted Linux MBED TLS libraries.

Researchers said the Linux version of REvil shares similar attributes with the Windows OS variant.

"The threat actors behind REvil RaaS have rapidly developed a Linux version to compete against the recently released Linux version of DarkSide. It is hard to clarify if these two RaaS are competing against each other or collaborating team members, as stated by other security researchers," researchers wrote.


News URL

https://threatpost.com/linux-variant-ransomware-vmwares-nas/167511/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 18 397 1368 1114 696 3575