Security News

A new ransomware named 'Cheers' has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers. We have seen many ransomware groups targeting the VMware ESXi platform in the past, with the most recent additions being LockBit and Hive.

The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim's ransom negotiations. Ransomware gang's Linux encryptors typically target the VMware ESXI virtualization platforms as they are the most commonly used in the enterprise.

VMware has issued a critical security update to address issues in its ESXi, Fusion and Workstation products, including VMware Cloud Foundation versions. VMware noted that patching VMware ESXi, Fusion and Workstation is the fastest method to resolve the issues, but organizations could also remove USB controllers from their VMs as a workaround.

LockBit is the latest ransomware gang whose Linux encryptor has been discovered to be focusing on the encryption of VMware ESXi virtual machines.Due to this, ransomware gangs have evolved their tactics to create Linux encryptors that specifically target the popular VMware vSphere and ESXi virtualization platforms over the past year.

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines. While we couldn't find what targets were targeted using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one victim that got hit with a $1 million ransom demand.

VMWare has shipped updates to Workstation, Fusion, and ESXi products to address an "Important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The company credited Jaanus Kääp, a security researcher with Clarified Security, for reporting the flaw.

Sophos has released details of a new ransomware written in Python that attackers used to compromise and encrypt virtual machines hosted on an ESXi hypervisor."This is one of the fastest ransomware attacks Sophos has ever investigated and it appeared to precision-target the ESXi platform," said Andrew Brandt, principal researcher at Sophos.

Researchers have discovered a new Python ransomware from an unnamed gang that's striking ESXi servers and virtual machines with what they called "Sniper-like" speed. While the choice of Python for the ransomware is fairly distinctive, going after ESXi servers is anything but.

Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers. While the Python programming language is not commonly used in ransomware development, it is a logical choice for ESXi systems, seeing that such Linux-based servers come with Python installed by default.

The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. With VMware ESXi being the most popular virtual machine platform, almost every enterprise-targeting ransomware operation has begun to release encryptors that specifically target its virtual machines.