Security News > 2023 > February > The Week in Ransomware - February 10th 2023 - Clop's Back

From ongoing attacks targeting ESXi servers to sanctions on Conti/TrickBot members, it has been quite a busy week regarding ransomware.

The worldwide ESXiArgs ransomware attacks continued to plague VMware ESXi servers over the weekend and into the week.

With ESXi, such a juicy target for ransomware gangs, the Linux encryptor for the Royal Ransomware group has also developed its own Linux encrypt to encrypt virtual machines.

After a long period of few victims and activity on their data leak site, the Clop ransomware gang is back, claiming to be behind attacks using a zero-day vulnerability in GoAnywhere MFT. The ransomware gang says they exploited the vulnerability to steal data from 130 companies, but we have been unable to verify this independently.

We also learned some news about various ransomware attacks, including LockBit finally claiming the attack on Royal Mail, an attack on Canada's Indigo book stores, and A10 Networks confirming they suffered a data breach after a Play ransomware attack.

Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.

News URL

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-10th-2023-clops-back/