Linux version of BlackMatter ransomware targets VMware ESXi servers (August 2021)

The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform.
With VMware ESXi being the most popular virtual machine platform, almost every enterprise-targeting ransomware operation has begun to release encryptors that specifically target its virtual machines.
Yesterday, security researcher MalwareHunterTeam found a Linux ELF64 encryptor [VirusTotal] belonging to the BlackMatter ransomware gang that, based on its functionality, specifically targets VMware ESXi servers.
From the sample of BlackMatter's Linux encryptor shared with BleepingComputer, it is clear that it was designed solely to target VMware ESXi servers.
Targeting ESXi servers is very efficient when conducting ransomware attacks, as it allows the threat actors to encrypt numerous servers at once with a single command.
As more businesses move to this type of platform for their servers, we will continue to see ransomware developers focus primarily on Windows machines but also create a dedicated Linux encryptor targeting ESXi.