Linux version of HelloKitty ransomware targets VMware ESXi servers
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage.
As the enterprise increasingly moves to virtual machines for easier backup and resource management, ransomware gangs are evolving their tactics to create Linux encryptors that target these servers.
VMware ESXi is one of the most popular enterprise virtual machine platforms. Over the past year, there has been an increasing number of ransomware gangs releasing Linux encryptors targeting this platform.
While ESXi is not strictly Linux as it uses its own customer kernel, it does share many similar characteristics, including the ability to run ELF64 Linux executables.
Yesterday, security researcher MalwareHunterTeam found numerous Linux ELF64 versions of the HelloKitty ransomware targeting ESXi servers and the virtual machines running on them.
It has been known that HelloKitty utilizes a Linux encryptor, but this is the first sample that researchers have publicly spotted.
/image%2F6283631%2F20210518%2Fob_919b9b_ubuntu-software-center-in-kali-linux.jpeg)
