Abyss Locker Ransomware Looks to Drown VMwares ESXi Servers

  /     /     /  
Publicated : 23/11/2024   Category : security

Abyss Locker Ransomware Looks to Drown VMwares ESXi Servers


The 4-month-old ransomware gang is now actively targeting VMwares virtual environments with a second variant of its custom malware.


The Abyss Locker ransomware gang is now a threat to industrial control systems (ICS), enterprises, and public-sector organizations alike thanks to a custom Linux encryptor aimed at deep-sixing VMwares ESXi virtualized environments.
According to
KELA researchers
(PDF), Abyss Locker was launched in March as part of a double-extortion ransomware gambit, in which data is both encrypted and exfiltrated for possible leaking if the victim doesnt pay up. Version 2, first
spotted by security researcher MalwareHunterTeam
this month, now contains a Linux ELF encryptor variant that appears to be specifically aimed at ESXi virtual machines (VMs). So far, according to analysis, the group has claimed 14 victims.
Abyss Lockers pivot is part of a larger trend. The widespread use of ESXi platform and the fact that the hypervisor that manages the VMs does not support any third-party malware detection capabilities has made the technology an increasingly attractive target for ransomware operators.
Several ransomware collectives, including new kid on the block
Akira
, Black Basta,
Cl0p
, HelloKitty, IceFire, Hive, LockBit,
MichaelKors
,
Royal
, REvil, and others have all made
the move to Linux
and locking up ESXi machines. Stoking the trend is the
release of the VMware-focused Babuk source code
, which as of mid-May had spawned at least 10 EXSi-ready ransomware variants, according to a SentinelOne report at the time.
Ransomware hunter
Michael Gillespie told
BleepingComputer that Abyss Lockers Linux encryptor appears to be based on the older HelloKitty ransomware, which was behind a string of high-profile attacks such as 
the Cyberpunk 2077 gaming attack two+ years ago.
 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Abyss Locker Ransomware Looks to Drown VMwares ESXi Servers