Security News > 2024 > June > Linux version of RansomHub ransomware targets VMware ESXi VMs
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.
The existence of a Windows and Linux RansomHub encryptor has been confirmed since early May. Recorded Future now reports that the threat group also has a specialized ESXi variant in its arsenal, which it first saw in April 2024.
Unlike RansomHub's Windows and Linux versions, which are written in Go, the ESXi version is a C++ program likely derived from the now-defunct Knight ransomware.
RansomHub's ESXi encryptor supports various command-line options for setting an execution delay, specifying which VMs should be excluded from encryption, which directory paths to target, and more.