Linux version of Qilin ransomware focuses on VMware ESXi
2023-12-03 21:07

A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date.

Last month, security researcher MalwareHunterTeam found a Linux ELF64 encryptor for the Qilin ransomware gang and shared it with BleepingComputer to analyze.

While the encryptor can be used on Linux, FreeBSD, and VMware ESXi servers, it heavily focuses on encrypting virtual machines and deleting their snapshots.

When executed, the ransomware will determine whether it is running on a Linux, FreeBSD, or VMware ESXi server.

VMware expert Melissa Palmer told BleepingComputer that these commands were likely copied from VMware support bulletins to resolve a known VMware memory heap exhaustion bug and increase performance when executing ESXi commands on the server.


News URL

https://www.bleepingcomputer.com/news/security/linux-version-of-qilin-ransomware-focuses-on-vmware-esxi/

Related vendor

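| VENDOR | LAST 12M #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|---------------------|-----|--------|------|----------|-------------|
| Linux  | 11                  | 64  | 2532   | 1569 | 67       | 4232        |
| Vmware | 146                 | 11  | 222    | 256  | 102      | 591         |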