Cybersecurity (opens in new tab) experts have discovered that the threat actors behind the notorious REvil ransomware (opens in new tab) have added a Linux (opens in new tab) version to their arsenal that's designed to attack VMware ESXi virtual machines (opens in new tab).
With the adoption of cloud computing (opens in new tab) technologies like containers and VMs, threat actors have started evolving their attack vectors (opens in new tab) to target this emerging platform, with VMware ESXi now in the crosshairs.
News of the Linux version of REvil’s Sodinokibi ransomware was shared by researchers from MalwareHunterTeam (opens in new tab).
- Here’s our list of the best endpoint protection (opens in new tab) services available
- These are the best firewalls (opens in new tab) on the market
- We’ve also rounded up the best malware removal software (opens in new tab) around
Bleeping Computer (opens in new tab) adds that this development follows the discovery of a REvil ransomware version that attacks NAS (opens in new tab) devices by Yelisey Boguslavskiy of Advanced Intel earlier this year.
Virtually real threat
Advanced Intel's Vitali Kremez, who analyzed the new REvil Linux variant, told Bleeping Computer it exhibits the same characteristics and configuration options used by the more common Windows variant.
Emsisoft (opens in new tab) CTO Fabian Wosar added that other ransomware operations, including Babuk, RansomExx/Defray, Mespinoza, GoGoogle, DarkSide, and Hellokitty, also have Linux variants in their arsenal to attack ESXi VMs.
"The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," said Wosar.
As well as posing a threat to large enterprises, the development is also worrisome for small and medium businesses (SMBs), which have been among the largest adopters of virtualization for its cost saving advantages. The cost of business servers (opens in new tab) quickly adds up and virtualization technologies like ESXi aren’t just budget friendly, but also reduce the time it takes to provision and deploy servers on demand.
When it comes to guarding against these attacks, security experts have long suggested (opens in new tab) that ransomware operators and other threat actors work by exploiting security weaknesses in their targets. This means that a well-planned and implemented security strategy is essential, irrespective of security software in place.
- Here's our list of the best cloud backup (opens in new tab) services around