REvil ransomware group deploys Linux encryptor against VMs
Cloud computing presents an opportunity on both sides of the fence
Cybersecurity experts have discovered that the threat actors behind the notorious REvil ransomware have added a Linux version to their arsenal that’s designed to attack VMware ESXi virtual machines.
With the adoption of cloud computing technologies like containers and VMs, threat actors have started evolving their attack vectors to target this emerging platform, with VMware ESXi now in the crosshairs.
News of the Linux version of REvil’s Sodinokibi ransomware was shared by researchers from MalwareHunterTeam.
Bleeping Computer adds that this development follows the discovery, by Yelisey Boguslavskiy of Advanced Intel earlier this year, of a REvil ransomware version that attacks NAS devices.
Virtually real threat
Advanced Intel’s Vitali Kremez, who analyzed the new REvil Linux variant, told Bleeping Computer it exhibits the same characteristics and configuration options used by the more common Windows variant.
Emsisoft CTO Fabian Wosar added that other ransomware operations, including Babuk, RansomExx/Defray, Mespinoza, GoGoogle, DarkSide, and Hellokitty, also have Linux variants in their arsenal to attack ESXi VMs.
“The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically,” said Wosar.
As well as posing a threat to large enterprises, the development is also worrisome for small and medium businesses (SMBs), which have been among the largest adopters of virtualization for its cost-saving advantages. The cost of business servers quickly adds up and virtualization technologies like ESXi aren’t just budget friendly, but also reduce the time it takes to provision and deploy servers on demand.
When it comes to guarding against these attacks, security experts have long suggested that ransomware operators and other threat actors work by exploiting security weaknesses in their targets. This means that a well-planned and implemented security strategy is essential, irrespective of security software in place.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.