Security News > 2022 > June > Linux version of Black Basta ransomware targets VMware ESXi servers
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers.
In a new report, Uptycs Threat Research analysts revealed that they spotted new Black Basta ransomware binaries specifically targeting VMWare ESXi servers.
Linux ransomware encryptors are nothing new, and BleepingComputer has been reporting on similar encryptors released by multiple other gangs, including LockBit, HelloKitty, BlackMatter, REvil, AvosLocker, RansomEXX, and Hive.
Like other Linux encryptors, Black Basta's ransomware binary will search for the /vmfs/volumes where the virtual machines are stored on the compromised ESXi servers.
Black Basta ransomware was first spotted in the wild in the second week of April, as the operation quickly ramped up its attacks targeting companies worldwide.
"The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," Wosar explained.
- New ‘Cheers’ Linux ransomware targets VMware ESXi servers (source)
- New RedAlert Ransomware targets Windows, Linux VMware ESXi servers (source)
- Cheers ransomware hits VMware ESXi systems (source)
- Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits (source)
- Monero-mining botnet targets Windows, Linux web servers (source)
- Lazarus hackers target VMware servers with Log4Shell exploits (source)
- Week in review: VMware critical fixes, Bluetooth LE flaw unlocks cars, Kali Linux 2022.2 (source)
- EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities (source)
- The Week in Ransomware - June 10th 2022 - Targeting Linux (source)
- Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware (source)