Security News > 2021 > August > Linux version of BlackMatter ransomware targets VMware ESXi servers
The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform.
With VMware ESXi being the most popular virtual machine platform, almost every enterprise-targeting ransomware operation has begun to release encryptors that specifically target its virtual machines.
Yesterday, security researcher MalwareHunterTeam found a Linux ELF64 encryptor [VirusTotal] for the BlackMatter ransomware gang that specifically targets VMware ESXi servers based on its functionality.
From the sample BlackMatter's Linux encryptor shared with BleepingComputer, it is clear that it was designed solely to target VMWare ESXi servers.
Targeting ESXi servers is very efficient when conducting ransomware attacks, as it allows the threat actors to encrypt numerous servers at once with a single command.
As more businesses move to this type of platform for their servers, we will continue to see ransomware developers focus primarily on Windows machines but also create a dedicated Linux encrypted targeting ESXi.
News URL
Related news
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)