
Royal ransomware spreads to Linux and VMware ESXi
2023-02-10 20:20

This subgroup, which is called Conti Team 1, released the Zion ransomware before rebranding it as Royal ransomware.

Royal spread so fast that it became the ransomware with the largest number of victims in November 2022, overtaking the LockBit ransomware.

The threat actor exploited the Citrix vulnerability before any public exploit was available, showing that the group is among the most sophisticated ransomware threat actors.

Royal ransomware might also be spread by malware downloaders, such as QBot or BATLOADER. Companies' contact forms were also used to distribute the ransomware.

The new Royal ransomware sample reported by Cyble is a 64-bit Linux executable compiled using the GNU Compiler Collection (GCC).


News URL

https://www.techrepublic.com/article/royal-ransomware-linux-vmware-esxi/

Related vendor

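| VENDOR | LAST 12M #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|---------------------|-----|--------|------|----------|-------------|
| Linux  | 11                  | 64  | 2312   | 1489 | 67       | 3932        |
| Vmware | 146                 | 11  | 222    | 256  | 102      | 591         |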