The RansomHub ransomware has added a Linux encryptor targeting VMware ESXi environments. Initially emerging in February 2024, RansomHub has quickly risen to become the fourth most prolific ransomware operator in recent months. Symantec experts suspect it is a variant of the Knight ransomware, which targeted multiple platforms before being shut down in February 2024. The … Read more
A recent report by BleepingComputer has revealed that a new Linux encryptor was used in attacks against VMware ESXi environments as part of the ransomware-as-a-service operation known as RansomHub. This encryptor is believed to be based on the discontinued Knight ransomware and offers various features such as decryption of configurations, execution delays, progress information logging, … Read more
The RansomHub ransomware operation, launched in February 2024, targets VMware ESXi environments in enterprise attacks. It is a ransomware-as-a-service (RaaS) operation linked to other ransomware groups and has affected over 45 victims in 18 countries. A specialized ESXi variant of RansomHub was discovered by Recorded Future in April 2024, showing overlaps with the now-defunct Knight … Read more