The REvil ransomware operators are now using a Linux encryptor to encrypts Vmware ESXi virtual machines which are widely adopted by enterprises.
The availability of the Linux encryptor was announced by the REvil gang in May, a circumstance that suggests the group is expanding its operation.
Now MalwareHunterTeam researchers spotted a Linux version of the REvil ransomware that also targets ESXi servers, BleepingComputer reported.
The popular malware researcher Vitali Kremez explained that the new variant is an ELF64 executable with the same configuration options as the Windows version.
“Kremez states that this is the first known time the Linux variant has been publicly available since it was released.” states BleepingComputer.
Upon executing on ESXi servers, the Linux version of the ransomware will run the esxcli command line tool to list all running ESXi virtual machines and close the virtual machine disk (VMDK) files stored in the /vmfs/ folder. Then the REvil ransomware will encrypt the files.
esxcli --formatter=csv --format-param=fields=="WorldID,DisplayName" vm process list | awk -F ""*,"*" '{system("esxcli vm process kill --type=force --world-id=" $1)}'
Indicators of Compromise (IoC) for REvil Linux encryptor have been published by security expert Jaime Blasco on Alienvault’s Open Threat Exchange.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Linux)
[adrotate banner=”5″]
[adrotate banner=”13″]
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.