Abyss Locker Ransomware Looks to Drown VMware's ESXi Servers

Published: 23/11/2024   Category: security




The 4-month-old ransomware gang is now actively targeting VMware's virtual environments with a second variant of its custom malware.



The Abyss Locker ransomware gang is now a threat to industrial control systems (ICS), enterprises, and public-sector organizations alike thanks to a custom Linux encryptor aimed at deep-sixing VMware's ESXi virtualized environments.
According to KELA researchers (PDF), Abyss Locker was launched in March as part of a double-extortion ransomware gambit, in which data is both encrypted and exfiltrated for possible leaking if the victim doesn't pay up. Version 2, first spotted by security researcher MalwareHunterTeam this month, now contains a Linux ELF encryptor variant that appears to be specifically aimed at ESXi virtual machines (VMs). So far, according to analysis, the group has claimed 14 victims.
Abyss Locker's pivot is part of a larger trend. The widespread use of the ESXi platform and the fact that the hypervisor that manages the VMs does not support any third-party malware detection capabilities have made the technology an increasingly attractive target for ransomware operators.
Several ransomware collectives, including new kid on the block Akira, Black Basta, Cl0p, HelloKitty, IceFire, Hive, LockBit, MichaelKors, Royal, REvil, and others have all made the move to Linux and locking up ESXi machines. Stoking the trend is the release of the VMware-focused Babuk source code, which as of mid-May had spawned at least 10 ESXi-ready ransomware variants, according to a SentinelOne report at the time.
Ransomware hunter Michael Gillespie told BleepingComputer that Abyss Locker's Linux encryptor appears to be based on the older HelloKitty ransomware, which was behind a string of high-profile attacks such as the Cyberpunk 2077 gaming attack two+ years ago.
 
