REvil ransomware group deploys Linux encryptor against VMs

By Mayank Sharma
published

Cloud computing presents an opportunity on both sides of the fence

Lock on Laptop Screen
(Image credit: Future)
Audio player loading…

Cybersecurity (opens in new tab) experts have discovered that the threat actors behind the notorious REvil ransomware (opens in new tab) have added a Linux (opens in new tab) version to their arsenal that's designed to attack VMware ESXi virtual machines (opens in new tab).

With the adoption of cloud computing (opens in new tab) technologies like containers and VMs, threat actors have started evolving their attack vectors (opens in new tab) to target this emerging platform, with VMware ESXi now in the crosshairs.

News of the Linux version of REvil’s Sodinokibi ransomware was shared by researchers from MalwareHunterTeam (opens in new tab).

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window (opens in new tab) <<

Bleeping Computer (opens in new tab) adds that this development follows the discovery of a REvil ransomware version that attacks NAS (opens in new tab) devices by Yelisey Boguslavskiy of Advanced Intel earlier this year.

Virtually real threat

Advanced Intel's Vitali Kremez, who analyzed the new REvil Linux variant, told Bleeping Computer it exhibits the same characteristics and configuration options used by the more common Windows variant.

Emsisoft (opens in new tab) CTO Fabian Wosar added that other ransomware operations, including Babuk, RansomExx/Defray, Mespinoza, GoGoogle, DarkSide, and Hellokitty, also have Linux variants in their arsenal to attack ESXi VMs.

"The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically," said Wosar.

As well as posing a threat to large enterprises, the development is also worrisome for small and medium businesses (SMBs), which have been among the largest adopters of virtualization for its cost saving advantages. The cost of business servers (opens in new tab) quickly adds up and virtualization technologies like ESXi aren’t just budget friendly, but also reduce the time it takes to provision and deploy servers on demand. 

When it comes to guarding against these attacks, security experts have long suggested (opens in new tab) that ransomware operators and other threat actors work by exploiting security weaknesses in their targets. This means that a well-planned and implemented security strategy is essential, irrespective of security software in place.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

See more Computing news