Security News > 2023 > May > New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems
A new ransomware-as-service operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023.
"In fact, VMware goes as far as to claim it's not required. This, combined with the popularity of ESXi as a widespread and popular virtualization and management system, makes the hypervisor a highly attractive target for modern adversaries."
The targeting of VMware ESXi hypervisors with ransomware to scale such campaigns is a technique known as hypervisor jackpotting.
What's more, an analysis from SentinelOne last week revealed that 10 different ransomware families, including Conti and REvil, have utilized leaked Babuk source code in September 2021 to develop lockers for VMware ESXi hypervisors.
Part of the reason why VMware ESXi hypervisors are becoming an attractive target is that the software runs directly on a physical server, granting a potential attacker the ability to run malicious ELF binaries and gain unfettered access over the machine's underlying resources.
To mitigate the impact of hypervisor jackpotting, organizations are recommended to avoid direct access to ESXi hosts, enable two-factor authentication, take periodic backups of ESXi datastore volumes, apply security updates, and conduct security posture reviews.
News URL
https://thehackernews.com/2023/05/new-michaelkors-ransomware-as-service.html
Related news
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- New Bifrost malware for Linux mimics VMware domain for evasion (source)
- New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion (source)
- VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (source)
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (source)
- Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers (source)