Linux version of AvosLocker ransomware targets VMware ESXi servers (Security News, January 2022)

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.
While we couldn't find which targets were attacked using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one victim that was hit with a $1 million ransom demand.
Several months ago, the AvosLocker gang was also seen advertising its latest ransomware variants, the Windows Avos2 and AvosLinux, while making a point of warning affiliates not to attack post-Soviet/CIS targets.
Since October, Hive ransomware has been encrypting Linux and FreeBSD systems using new malware variants, within months after researchers spotted a REvil ransomware Linux encryptor targeting VMware ESXi VMs. Emsisoft CTO Fabian Wosar told BleepingComputer that other ransomware gangs, including Babuk, RansomExx/Defray, Mespinoza, GoGoogle, DarkSide, and HelloKitty, have also created and used their own Linux encryptors.
"The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," Wosar explained.
You can find more info on AvosLocker ransomware and what to do if you get hit by this ransomware family in our support topic.