The ransomware gang behind the high profile attack on CD Projekt Red uses a variant of Linux that targets VMware’s ESXi VM platform for maximum damage.
As companies increasingly move to virtual machines to simplify backup and resource management, ransomware gangs evolve their tactics to develop Linux encryptors that target these servers.
VMware ESXi is one of the most popular platforms for enterprise virtual machines. Over the past year there have been more and more ransomware gangs releasing Linux ciphers that targeted this platform.
While ESXi is not necessarily Linux as it uses its own customer kernel, it has many similar features, including the ability to run ELF64 Linux executables.
HelloKitty is switching to ESXi
Security researcher yesterday MalwareHunterTeam found numerous Linux ELF64 versions of HelloKitty ransomware targeting ESXi servers and the virtual machines running on them.
HelloKitty is known to be a …