Security News > 2021 > July > Linux version of HelloKitty ransomware targets VMware ESXi servers
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage.
Yesterday, security researcher MalwareHunterTeam found numerous Linux ELF64 versions of the HelloKitty ransomware targeting ESXi servers and the virtual machines running on them.
Ransomware gangs targeting ESXi servers will shut down virtual machines before encrypting files to prevent the files from being locked and to avoid data corruption.
Last month, MalwareHunterTeam also found a Linux version of the REvil ransomware that targets ESXi servers and used the esxcli command as part of the encryption process.
Emsisoft CTO Fabian Wosar told BleepingComputer at the time that other ransomware operations, such as Babuk, RansomExx/Defray, Mespinoza, GoGoogle, and the now-defunct DarkSide, have also created Linux encryptors to target ESXi virtual machines.
"The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," said Wosar.
News URL
Related news
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers (source)
- LockBit ransomware returns to attacks with new encryptors, servers (source)
- New Bifrost malware for Linux mimics VMware domain for evasion (source)
- New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion (source)
- BlackCat ransomware turns off servers amid claim they stole $22 million ransom (source)
- VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (source)
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)