Security News > 2023 > February > Royal ransomware spreads to Linux and VMware ESXi

Royal ransomware spreads to Linux and VMware ESXi
2023-02-10 20:20

This subgroup, which is called Conti Team 1, released the Zion ransomware before rebranding it as Royal ransomware.

Royal spread so fast because it became the ransomware making the biggest number of victims in November 2022, taking the lead in front of the LockBit ransomware.

The threat actor used the Citrix vulnerability before any public exploit, showing that the ransomware group is amongst the most sophisticated ransomware threat actors.

Royal ransomware also might be spread by malware downloaders, such as QBot or BATLOADER. Contact forms from companies were also used to distribute the ransomware.

The new Royal ransomware sample reported by Cyble is a 64-bit Linux executable compiled using GNU Compiler Collection.

SEE: Massive ransomware operation targets VMware ESXi.


News URL

https://www.techrepublic.com/article/royal-ransomware-linux-vmware-esxi/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2572 1587 67 4290
Vmware 146 11 222 256 102 591