Linux version of Black Basta ransomware targets VMware ESXi servers (Security News, June 2022)
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers.
In a new report, Uptycs Threat Research analysts revealed that they spotted new Black Basta ransomware binaries specifically targeting VMware ESXi servers.
Linux ransomware encryptors are nothing new, and BleepingComputer has been reporting on similar encryptors released by multiple other gangs, including LockBit, HelloKitty, BlackMatter, REvil, AvosLocker, RansomEXX, and Hive.
Like other Linux encryptors, Black Basta's ransomware binary searches for /vmfs/volumes, where the virtual machines are stored on the compromised ESXi servers.
Black Basta ransomware was first spotted in the wild in the second week of April, as the operation quickly ramped up its attacks targeting companies worldwide.
"The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," Wosar explained.