"LockBit Ransomware's Linux Version Attacks VMware ESXi Servers"

The Linux version of the LockBit ransomware has been discovered targeting VMware ESXi virtual machines. Virtual machines are increasingly being used to conserve computer resources, consolidate servers, and facilitate backups, resulting in ransomware groups modifying their methods in the last year to develop Linux encryptors that focus on VMware vSphere and ESXi virtualization systems. ESXi is not strictly a Linux distribution, but it does share many of its characteristics, such as the ability to run ELF64 Linux executables. In October 2021, the LockBit group announced new Ransomware-as-a-Service (RaaS) operation capabilities on the RAMP hacking forums, including a new Linux encryptor that attacks VMware ESXi virtual machines. Researchers at Trend Micro then analyzed the group's Linux encryptor and detailed how it is used to attack VMware ESXi and vCenter systems. According to Trend Micro, the encryptor uses Advanced Encryption Standard (AES) to encrypt files and Elliptic-Curve Cryptography (ECC) algorithms to encrypt the decryption keys. Due to the widespread use of VMware ESXi in the industry, all network defenders and security professionals should assume that every major ransomware operation has already produced a Linux variation. With this assumption, admins and security experts should build strong defenses and strategies to protect all devices in their network, not just Windows devices. This article continues to discuss the Linux version of LockBit ransomware targeting VMware ESXi servers. 

CyberIntelMag reports "LockBit Ransomware's Linux Version Attacks VMware ESXi Servers"