Security News > 2023 > April > RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts
The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system.
"Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs said in a new report published Wednesday.
RTM Locker was first documented by Trellix earlier this month, describing the adversary as a private ransomware-as-a-service provider.
The Linux flavor is specifically geared to single out ESXi hosts by terminating all virtual machines running on a compromised host prior to commencing the encryption process.
Decrypting a file locked with RTM Locker requires the public key appended to the end of the encrypted file and the attacker's private key.
The development comes as Microsoft revealed that vulnerable PaperCut servers are being actively targeted by threat actors to deploy Cl0p and LockBit ransomware.
News URL
https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html
Related news
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (source)
- Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers (source)