Linux version of Royal Ransomware targets VMware ESXi servers
Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.
The new Linux Royal Ransomware variant was discovered by Will Thomas of the Equinix Threat Analysis Center, and is executed using the command line.
Royal u extension to all encrypted files on the VM. While anti-malware solutions had issues detecting Royal Ransomware samples that bundle the new targeting capabilities, they're now detected by 23 out of 62 malware scanning engines on VirusTotal.
Royal Ransomware is a private operation comprised of seasoned threat actors who previously worked with the Conti ransomware operation.
"The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," Wosar told BleepingComputer last year.
To put things in perspective and show just how exposed to attacks such servers are, a new ransomware strain known as ESXiArgs was used to scan for and encrypt unpatched servers in a massive campaign targeting ESXi devices worldwide this Friday.