Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers

submitted by
Style Pass
2021-07-18 01:00:05

HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs.

For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red.

On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty ransomware targeting VMware ESXi servers and virtual machines (VMs) running on them.

Seems no one mentioned yet, so let me do it: the Linux version of HelloKitty ransomware was already using esxcli at least in early March for stopping VMs… @VK_Intel @demonslay335 pic.twitter.com/atSv0OO7YL

The fact that HelloKitty uses a Linux encryptor isn’t a lightbulb moment, but this is the first sample that researchers have observed.

ESXi isn’t strictly Linux, as it has its own, custom kernel. But it’s similar, including in its ability to run ELF-64 Linux executables. Executable and Linkable Format (ELF-64) is a standard file format for executable files within Linux and UNIX-like operating systems.
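As an added illustration (not code from the article or from the researchers), the following sketch reads the fixed ELF identification bytes to tell a 64-bit ELF program apart from other files, the kind of check a defender could use when triaging unexpected files found on an ESXi host. The function names and the sample header bytes are constructed for this example.

```python
import struct

ELF_MAGIC = b"\x7fELF"
E_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}      # e_type values
E_MACHINES = {3: "x86", 62: "x86-64", 183: "AArch64"}      # common e_machine values


def parse_elf_header(data):
    """Return a dict describing the ELF header, or None if data is not ELF."""
    # e_ident is 16 bytes; e_type and e_machine follow at offsets 16 and 18.
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None  # invalid class or byte-order marker
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": E_TYPES.get(e_type, hex(e_type)),
        "machine": E_MACHINES.get(e_machine, hex(e_machine)),
    }


def is_elf64_program(data):
    """True for 64-bit ELF files of type EXEC or DYN (PIE binaries are DYN,
    as are shared libraries, so a hit means 'look closer', not 'malicious')."""
    hdr = parse_elf_header(data)
    return bool(hdr) and hdr["bits"] == 64 and hdr["type"] in ("EXEC", "DYN")


def build_sample(ei_class, ei_data, e_type, e_machine):
    """Constructed 20-byte header for demonstration; not a real binary."""
    endian = "<" if ei_data == 1 else ">"
    ident = ELF_MAGIC + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    return ident + struct.pack(endian + "HH", e_type, e_machine)


if __name__ == "__main__":
    samples = {
        "elf64 x86-64 exec": build_sample(2, 1, 2, 62),
        "elf32 x86 exec": build_sample(1, 1, 2, 3),
        "shell script": b"#!/bin/sh\necho constructed sample\n",
    }
    for name, blob in samples.items():
        print(name, parse_elf_header(blob), is_elf64_program(blob))
```

On a real host the same functions can be fed the first 20 bytes of each file under review.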
