BleepingComputer reports that VMware ESXi servers have been targeted with a Linux version of the Akira ransomware, which malware analyst rivitna first identified.
Analysis of Akira ransomware's custom Linux encryptor conducted by BleepingComputer revealed the presence of limited command line arguments and the targeting of a plethora of file extensions but not folders and files involving Windows folders and executables. However, advanced functionality has been limited with the new Akira for Linux encryptor. Meanwhile, a separate report from Cyble showed that a public RSA encryption key is part of the Linux version of Akira, which also uses AES, IDEA-CB, DES, CAMELLIA, and other symmetric key algorithms for encrypting files. Akira's increased targeting with its new Linux encryptor indicates the ransomware operation's growing threat and comes after other ransomware gangs, including Black Basta, Royal, BlackMatter, LockBit, AvosLocker, HelloKitty, REvil, Hive, and RansomEXX, unveiled their respective Linux ransomware encryptors aimed at compromising VMware ESXi servers.
Ransomware
VMware ESXi servers subjected to Akira for Linux ransomware attacks
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds