Security News > 2023 > December > Linux version of Qilin ransomware focuses on VMware ESXi
A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date.
Last month, security researcher MalwareHunterTeam found a Linux ELF64 encryptor for the Qilin ransomware gang and shared it with BleepingComputer to analyze.
While the encryptor can be used on Linux, FreeBSD, and VMware ESXi servers, it heavily focuses on encrypting virtual machines and deleting their snapshots.
When executed, the ransomware will determine if it is running in Linux, FreeBSD, or VMware ESXi server.
VMware expert Melissa Palmer told BleepingComputer that these commands were likely copied from VMware support bulletins to resolve a known VMware memory heap exhaustion bug and increase performance when executing ESXi commands on the server.
Microsoft shares temp fix for broken Windows Server 2022 VMs. MGM casino's ESXi servers allegedly encrypted in ransomware attack.