Linux version of Qilin ransomware focuses on VMware ESXi (Security News, December 2023)
A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date.
Last month, security researcher MalwareHunterTeam found a Linux ELF64 encryptor for the Qilin ransomware gang and shared it with BleepingComputer to analyze.
While the encryptor can be used on Linux, FreeBSD, and VMware ESXi servers, it heavily focuses on encrypting virtual machines and deleting their snapshots.
When executed, the ransomware determines whether it is running on a Linux, FreeBSD, or VMware ESXi server.
VMware expert Melissa Palmer told BleepingComputer that these commands were likely copied from VMware support bulletins to resolve a known VMware memory heap exhaustion bug and increase performance when executing ESXi commands on the server.