Security News > 2024 > June > Linux version of RansomHub ransomware targets VMware ESXi VMs
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.
The existence of a Windows and Linux RansomHub encryptor has been confirmed since early May. Recorded Future now reports that the threat group also has a specialized ESXi variant in its arsenal, which it first saw in April 2024.
Unlike RansomHub's Windows and Linux versions that are written in Go, the ESXi version is a C++ program likely derived from the now-defunct Knight ransomware.
RansomHub is no exception, with their ESXi encryptor supporting various command-line options for setting an execution delay, specifying which VMs should be excluded from encryption, what directory paths to target, and more.
New Fog ransomware targets US education sector via breached VPNs. RansomHub extortion gang linked to now-defunct Knight ransomware.
Linux version of TargetCompany ransomware focuses on VMware ESXi.
News URL
Related news
- Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems (source)
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (source)
- VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group (source)
- Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users (source)
- New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems (source)
- New Mallox ransomware Linux variant based on leaked Kryptina code (source)