The Abyss Locker ransomware could now infect the Linux OS

August 22, 2023

A new variant of the Abyss Locker ransomware can now infect Linux-based VMware ESXi servers. The ransomware developers built the new strain specifically for that platform, making it the latest addition to the ever-growing Abyss ransomware family.

The ransomware has been operating since 2019 and has targeted various platforms and systems during its ongoing operations. The latest development of such threats is a prime example of how threat actors develop new capabilities to widen their attack scope.

The Abyss Locker for Linux employs sophisticated attacks.

According to investigations, the Linux version of Abyss Locker uses attack techniques that can gain unauthorised access to VMware ESXi servers.

In particular, the malware relies on SSH brute-force attacks against poorly secured or already compromised credentials to gain access to a targeted system.

Once the ransomware has access to the VMware ESXi server, it encrypts the virtual machines, rendering them inaccessible and unusable.

Lastly, as part of their post-encryption activity, the threat actors drop a ransom note demanding payment in cryptocurrency.
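The intrusion chain described above starts with SSH password guessing against the ESXi host, which is the stage defenders can see in the host's SSH authentication log. The following detection logic is an added example, not code from the article or from any vendor: it parses OpenSSH-style "Failed password" / "Accepted password" lines (the sample lines and hosts are constructed; the exact timestamp prefix on a real ESXi auth.log may differ) and flags a source that exceeds a failure threshold within a sliding window, plus the tell-tale success that follows a burst.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, OpenSSH syslog style (ESXi's sshd is OpenSSH).
# Addresses are documentation ranges; none of this is a real event.
SAMPLE_LOG = """\
2023-08-22T09:00:01Z sshd[1001]: Failed password for root from 203.0.113.5 port 50100 ssh2
2023-08-22T09:00:02Z sshd[1002]: Failed password for root from 203.0.113.5 port 50101 ssh2
2023-08-22T09:00:03Z sshd[1003]: Failed password for invalid user admin from 203.0.113.5 port 50102 ssh2
2023-08-22T09:00:04Z sshd[1004]: Failed password for root from 203.0.113.5 port 50103 ssh2
2023-08-22T09:00:05Z sshd[1005]: Failed password for root from 203.0.113.5 port 50104 ssh2
2023-08-22T09:00:06Z sshd[1006]: Accepted password for root from 203.0.113.5 port 50105 ssh2
2023-08-22T09:10:00Z sshd[1007]: Failed password for root from 198.51.100.7 port 40000 ssh2
2023-08-22T09:30:00Z sshd[1008]: Failed password for root from 198.51.100.7 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_ssh_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "success_after_burst": bool}} for every
    source with at least `threshold` failed logins inside a sliding `window`.
    A successful login from a source that already tripped the threshold is
    the guess-then-log-in pattern the article attributes to Abyss Locker."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # ignore lines that are not auth results
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ip = m["ip"]
        if m["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # expire failures outside window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failures": 0, "success_after_burst": False})
                a["failures"] = max(a["failures"], len(q))
        elif ip in alerts:          # "Accepted" from a source already flagged
            alerts[ip]["success_after_burst"] = True
    return alerts
```

Two slow failures twenty minutes apart, as from the second source, stay below the threshold, so the window matters as much as the count when tuning this against real traffic.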

The ransomware has operated in the cybercriminal environment since 2019. The new strain targets Linux-based systems, an OS that has attracted numerous threat actors. The ransomware operators claimed to have stolen between 35GB and 700GB of data from multiple companies worldwide.

Furthermore, some researchers believe that the ransomware's Linux encryptor has similarities with the HelloKitty ransomware. The Abyss Locker Linux encryptor displays traits derived from HelloKitty, including its use of the ChaCha cipher for encryption.

It remains to be seen whether Abyss Locker is a rebrand of HelloKitty or whether another group acquired access to the encryptor's source code.

The discovery of the Abyss Locker’s Linux variant shows the evolving characteristics of ransomware operations. Furthermore, the operators of Abyss Locker are highly skilled and have a history of launching targeted attacks against high-value targets.

Therefore, system admins and organisations employing VMware ESXi servers should review their security protocols and implement the best practices for safeguarding credentials and SSH access.
