Linux version of AvosLocker ransomware targets VMware ESXi servers
2022-01-10 21:09

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.

While we couldn't find which targets were attacked using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one victim that got hit with a $1 million ransom demand.

Several months ago, the AvosLocker gang was also seen advertising its latest ransomware variants, the Windows Avos2 and AvosLinux, while making a point of warning affiliates not to attack post-Soviet/CIS targets.

Since October, Hive ransomware has been encrypting Linux and FreeBSD systems using new malware variants, within months of researchers spotting a REvil ransomware Linux encryptor targeting VMware ESXi VMs. Emsisoft CTO Fabian Wosar told BleepingComputer that other ransomware gangs, including Babuk, RansomExx/Defray, Mespinoza, GoGoogle, DarkSide, and HelloKitty, have also created and used their own Linux encryptors.

"The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," Wosar explained.

You can find more info on AvosLocker ransomware and what to do if you get hit by this ransomware family in our support topic.


News URL

https://www.bleepingcomputer.com/news/security/linux-version-of-avoslocker-ransomware-targets-vmware-esxi-servers/

Related vendor

VENDOR    #/PRODUCTS    LOW    MEDIUM    HIGH    CRITICAL    TOTAL VULNS
Linux     11            64     2312      1489    67          3932
VMware    146           11     222       256     102         591