Ransomware

VMware ESXi servers subjected to Akira for Linux ransomware attacks

Share

BleepingComputer reports that VMware ESXi servers have been targeted with a Linux version of the Akira ransomware, which malware analyst rivitna first identified. Analysis of Akira ransomware's custom Linux encryptor conducted by BleepingComputer revealed the presence of limited command line arguments and the targeting of a plethora of file extensions but not folders and files involving Windows folders and executables. However, advanced functionality has been limited with the new Akira for Linux encryptor. Meanwhile, a separate report from Cyble showed that a public RSA encryption key is part of the Linux version of Akira, which also uses AES, IDEA-CB, DES, CAMELLIA, and other symmetric key algorithms for encrypting files. Akira's increased targeting with its new Linux encryptor indicates the ransomware operation's growing threat and comes after other ransomware gangs, including Black Basta, Royal, BlackMatter, LockBit, AvosLocker, HelloKitty, REvil, Hive, and RansomEXX, unveiled their respective Linux ransomware encryptors aimed at compromising VMware ESXi servers.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Related

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

Attacks with Wolfsbane commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed.

ONNX phishing-as-a-service operation disrupted

Organizations in the financial services sector have been primarily targeted by the ONNX, whose Telegram-based operations had been cut off following a court order that allowed Microsoft to transfer the PhaaS platform's infrastructure to its servers, according to Microsoft Digital Crimes Unit Assistant General Counsel Steven Masada.

Ransomware attacks primarily caused by poor cyber hygiene

Aside from primarily leveraging basic usernames for their accounts, organizations impacted by ransomware intrusions from July to September — including those in the government and healthcare industries — also mostly failed to implement multi-factor authentication that could have deterred brute-force attacks.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.