430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Now Abyss Locker also targets VMware ESXi servers

A Linux variant of the Abyss Locker designed to target VMware ESXi servers appeared in the threat landscape, experts warn. The operators behind the Abyss Locker developed a Linux variant that targets VMware ESXi servers expanding their potential targets. VMware ESXi servers are privileged targets of ransomware groups and are often part of enterprises’ infrastructures. […]

Abyss Locker

A Linux variant of the Abyss Locker designed to target VMware ESXi servers appeared in the threat landscape, experts warn.

The operators behind the Abyss Locker developed a Linux variant that targets VMware ESXi servers expanding their potential targets.

VMware ESXi servers are privileged targets of ransomware groups and are often part of enterprises’ infrastructures.

The Abyss Locker operation was launched early this year, like other ransomware groups, its operators implement a double-extortion model. At the time of this writing, the Tor leak site managed by the Abyss group lists 14 victim organizations.

Bleeping Computer reported that the researcher MalwareHunterTeam first discovered a Linux ELF encryptor for the Abyss ransomware that was designed to target VMware ESXi servers. Cybersecurity experts Michael Gillespie told BleepingComputer that the Abyss Locker Linux encryptor is based on the Hello Kitty ransomware.

The analysis of the encryptor code revealed that use of the ‘esxcli’ command-line VMware ESXi management tool enumerate virtual machines and terminate them.

Once the VM has been terminated, the malicious code can encrypt virtual disks (.vmdk), metadata (.vmsd), and snapshots (.vmsn).

The Abyss encryptor appends the .crypt extension to the filenames of the encrypted files and for each file creates a file with a .README_TO_RESTORE extension, which is the ransom note that contains the instructions for the negotiations.

Abyss Locker is the last operation in order of time that developed an encryptor to target VMware ESXi servers, other ransomware groups using Linux encryptors are AvosLockerBlack Basta, BlackMatterHelloKitty, LockBit, LunaRansomEXX, REvil, and Royal.

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Abyss)