Royal ransomware spreads to Linux and VMware ESXi (Security News, February 2023)
This subgroup, which is called Conti Team 1, released the Zion ransomware before rebranding it as Royal ransomware.
Royal spread quickly, becoming the ransomware with the largest number of victims in November 2022 and taking the lead ahead of the LockBit ransomware.
The threat actor used the Citrix vulnerability before any public exploit existed, showing that the ransomware group is among the most sophisticated ransomware threat actors.
Royal ransomware might also be spread by malware downloaders, such as QBot or BATLOADER. Companies' contact forms were also used to distribute the ransomware.
The new Royal ransomware sample reported by Cyble is a 64-bit Linux executable compiled using the GNU Compiler Collection (GCC).
News URL
https://www.techrepublic.com/article/royal-ransomware-linux-vmware-esxi/
Related news
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware
- VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation
- Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
- Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers