VMware ESXi servers under attack from Black Basta for Linux

VMware ESXi virtual machines on Linux are being targeted by the Black Basta ransomware gang, which has developed new binaries directed at encrypting Linux instances, according to BleepingComputer. Uptycs Threat Research analysts discovered that /vmfs/ volumes housing virtual machines within compromised servers are being scoured by the Black Basta ransomware binary, which also facilitates file encryption through the ChaCha20 algorithm. Encrypted file names are then appended with the .basta extension, while ransom notes will be created in every folder. "The Black Basta was first seen this year during the month of April, in which its variants targeted Windows systems. Based on the chat support link and encrypted file extension, we believe that the actors behind this campaign are the same who targeted Windows systems earlier with the Black Basta ransomware," said Uptycs researchers Nischay Hedge and Siddharth Sharma. Black Basta's creation of a Linux encryptor comes after other ransomware groups, including DarkSide, Babuk, PureLocker, Mespinoza, Snatch, GoGoogle, and RansomExx/Defray have developed their own encryptors.