Security News > 2023 > July > Linux version of Abyss Locker ransomware targets VMware ESXi servers
The Abyss Locker operation is the latest to develop a Linux encryptor to target VMware's ESXi virtual machines platform in attacks on the enterprise.
With VMware ESXi being one of the most popular virtual machine platforms, almost every ransomware gang has begun to release Linux encryptors to encrypt all virtual servers on a device.
Abyss Locker is a relatively new ransomware operation that is believed to have launched in March 2023, when it began to target companies in attacks.
After looking at the strings in the executable, it is clear that the encryptor specifically targets VMware ESXi servers.
Ransomware expert Michael Gillespie said that the Abyss Locker Linux encryptor is based on Hello Kitty, using ChaCha encryption instead. However, it is not known if this is a rebrand of the HelloKitty operation or if another ransomware operation gained access to the encryptor's source code, as we saw with Vice Society.
Linux version of Akira ransomware targets VMware ESXi servers.
News URL
Related news
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)