Security News > 2023 > April > RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts
2023-04-27 10:15

The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system.

"Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs said in a new report published Wednesday.

RTM Locker was first documented by Trellix earlier this month, describing the adversary as a private ransomware-as-a-service provider.

The Linux flavor is specifically geared to single out ESXi hosts by terminating all virtual machines running on a compromised host prior to commencing the encryption process.

Decrypting a file locked with RTM Locker requires the public key appended to the end of the encrypted file and the attacker's private key.

The development comes as Microsoft revealed that vulnerable PaperCut servers are being actively targeted by threat actors to deploy Cl0p and LockBit ransomware.


News URL

https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2312 1489 67 3932