VMware ESXi virtual machines on Linux are being targeted by the Black Basta ransomware gang, which has developed new binaries directed at encrypting Linux instances, according to BleepingComputer.
Uptycs Threat Research analysts discovered that the Black Basta ransomware binary searches the /vmfs/ volumes that house virtual machines on compromised servers and encrypts files with the ChaCha20 algorithm. The .basta extension is then appended to encrypted file names, and a ransom note is created in every folder.
"The Black Basta was first seen this year during the month of April, in which its variants targeted Windows systems. Based on the chat support link and encrypted file extension, we believe that the actors behind this campaign are the same who targeted Windows systems earlier with the Black Basta ransomware," said Uptycs researchers Nischay Hegde and Siddharth Sharma.
Black Basta's creation of a Linux encryptor comes after other ransomware groups, including DarkSide, Babuk, PureLocker, Mespinoza, Snatch, GoGoogle, and RansomExx/Defray, developed their own encryptors.
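For responders, the on-disk traces described above (files under /vmfs/ renamed with .basta and a note in every folder) can be checked against a file listing. The following is an added example, not code from Uptycs, BleepingComputer, or the original article; the sample listing, the datastore and VM names, and the `NOTE_PLACEHOLDER.txt` file name are constructed, since the article does not give the ransom note's name.

```python
import posixpath
from collections import defaultdict

ENCRYPTED_EXT = ".basta"  # extension named in the article
VOLUME_ROOT = "/vmfs/"    # volume path named in the article

# Constructed listing, shaped like the output of `find /vmfs/volumes -type f`.
SAMPLE_LISTING = """\
/vmfs/volumes/datastore1/web01/web01.vmdk.basta
/vmfs/volumes/datastore1/web01/web01.vmx.basta
/vmfs/volumes/datastore1/web01/NOTE_PLACEHOLDER.txt
/vmfs/volumes/datastore1/db01/db01-flat.vmdk.basta
/vmfs/volumes/datastore1/db01/NOTE_PLACEHOLDER.txt
/vmfs/volumes/datastore1/db01/vmware.log
/vmfs/volumes/datastore2/build01/build01.vmdk
/var/log/hostd.log
""".splitlines()


def triage(paths, ext=ENCRYPTED_EXT, root=VOLUME_ROOT):
    """Summarise which VM folders hold encrypted files and which file
    name recurs in all of them (a candidate ransom note)."""
    encrypted = defaultdict(list)  # directory -> encrypted file names
    others = defaultdict(set)      # directory -> remaining file names
    for path in paths:
        path = path.strip()
        if not path.startswith(root):
            continue  # only the VM volumes are in scope here
        directory, name = posixpath.split(path)
        if name.lower().endswith(ext):
            encrypted[directory].append(name)
        else:
            others[directory].add(name)

    hit_dirs = sorted(encrypted)
    # A note written to every folder appears as the same file name in each
    # affected directory; with fewer than two directories the intersection
    # says nothing, so it is skipped.
    candidates = set()
    if len(hit_dirs) >= 2:
        candidates = set.intersection(*(others[d] for d in hit_dirs))
    return {
        "encrypted_per_dir": {d: len(encrypted[d]) for d in hit_dirs},
        "note_candidates": sorted(candidates),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

Directories that appear in `encrypted_per_dir` identify the virtual machines to restore from backup, and any name in `note_candidates` is a file to preserve as evidence rather than delete.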
VMware ESXi servers under attack from Black Basta for Linux