Linux version of RansomHub ransomware targets VMware ESXi VMs
2024-06-20 19:00

The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.

The existence of a Windows and Linux RansomHub encryptor has been confirmed since early May. Recorded Future now reports that the threat group also has a specialized ESXi variant in its arsenal, which it first saw in April 2024.

Unlike RansomHub's Windows and Linux versions that are written in Go, the ESXi version is a C++ program likely derived from the now-defunct Knight ransomware.

RansomHub's ESXi encryptor supports various command-line options for setting an execution delay, specifying which VMs should be excluded from encryption, which directory paths to target, and more.


News URL

https://www.bleepingcomputer.com/news/security/linux-version-of-ransomhub-ransomware-targets-vmware-esxi-vms/

Related vendor

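| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Linux  |          | 11         | 64  | 2602   | 1595 | 67       | 4328        |
| VMware |          | 146        | 11  | 222    | 256  | 102      | 591         |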