"Linux Version of Akira Ransomware Targets VMware ESXi Servers"

The "Akira" ransomware operation now uses a Linux encryptor to encrypt VMware ESXi Virtual Machines (VMs) in double extortion attacks against companies globally. Akira first appeared in March 2023, targeting Windows systems in different industries, including education, finance, real estate, and manufacturing. The threat actors, like other enterprise-targeting ransomware groups, steal data from breached networks and encrypt files to carry out double extortion on victims, demanding payments of several million dollars. Since its emergence, the ransomware operation has claimed more than 30 victims in the US alone, with two different surges in ID Ransomware submissions at the end of May and in June. The malware analyst rivitna recently shared a sample of the new encryptor on VirusTotal after discovering the Linux variant of Akira. This article continues to discuss the Linux version of Akira ransomware targeting VMware ESXi servers.

Bleeping Computer reports "Linux Version of Akira Ransomware Targets VMware ESXi Servers"