Security Affairs
FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

AvosLocker ransomware now targets Linux systems, including ESXi servers

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. “While we couldn’t find what targets were attacked using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one […]

AvosLocker ransomware operators

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers.

AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported.

“While we couldn’t find what targets were attacked using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one victim that got hit with a $1 million ransom demand.” reported BleepingComputer. Security researcher MalwareHunterTeam confirmed that the ransomware gang is using the Linux encryptor since November 2021.

Other ransomware operations supporting Linux and ESXi servers are RansomExx/DefrayMespinozaHelloKitty, and Babuk. Linux-based versions of popular ransomware allow gangs to target a broad range of organizations, especially those using ESXi servers.

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers.

According to BleepingComputer, upon execution AvosLinux terminates all ESXi machines on the server then it starts encrypting files.

The AvosLocker ransomware appends the .avoslinux extension to the filenames of all the encrypted files, then drops ransom notes in each folder containing the encrypted files.

The AvosLocker ransomware-as-a-service recently emerged in the threat landscape and its attacks surged between November and December. In a recent wave of attacks, AvosLocker ransomware is rebooting systems into Windows Safe Mode to disable endpoint security solutions.

At the end of December, the AvosLocker ransomware operators released a free decryptor after they accidentally encrypted the system of US Government entity.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, AvosLocker)

[adrotate banner=”5″]

[adrotate banner=”13″]