Security News > 2022 > May > New ‘Cheers’ Linux ransomware targets VMware ESXi servers
A new ransomware named 'Cheers' has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers.
We have seen many ransomware groups targeting the VMware ESXi platform in the past, with the most recent additions being LockBit and Hive.
The addition of Cheers ransomware to the club was discovered by analysts at Trend Micro, who call the new variant 'Cheerscrypt'.
These file extensions are associated with ESXi snapshots, log files, swap files, paging files, and virtual disks.
While scanning folders for files to encrypt, the ransomware will create ransom notes named 'How To Restore Your Files.
BleepingComputer found the data leak and victim extortion Onion site for the Cheers ransomware operation, which lists only four victims for now.
News URL
Related news
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)