Security News > 2022 > June > Linux version of Black Basta ransomware targets VMware ESXi servers
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers.
In a new report, Uptycs Threat Research analysts revealed that they spotted new Black Basta ransomware binaries specifically targeting VMWare ESXi servers.
Linux ransomware encryptors are nothing new, and BleepingComputer has been reporting on similar encryptors released by multiple other gangs, including LockBit, HelloKitty, BlackMatter, REvil, AvosLocker, RansomEXX, and Hive.
Like other Linux encryptors, Black Basta's ransomware binary will search for the /vmfs/volumes where the virtual machines are stored on the compromised ESXi servers.
Black Basta ransomware was first spotted in the wild in the second week of April, as the operation quickly ramped up its attacks targeting companies worldwide.
"The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," Wosar explained.
News URL
Related news
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- BT unit took servers offline after Black Basta ransomware breach (source)