BleepingComputer reports that VMware ESXi servers have been targeted with a Linux version of the Akira ransomware, which malware analyst rivitna first identified.
Analysis of Akira ransomware's custom Linux encryptor conducted by BleepingComputer revealed the presence of limited command line arguments and the targeting of a plethora of file extensions but not folders and files involving Windows folders and executables. However, advanced functionality has been limited with the new Akira for Linux encryptor. Meanwhile, a separate report from Cyble showed that a public RSA encryption key is part of the Linux version of Akira, which also uses AES, IDEA-CB, DES, CAMELLIA, and other symmetric key algorithms for encrypting files. Akira's increased targeting with its new Linux encryptor indicates the ransomware operation's growing threat and comes after other ransomware gangs, including Black Basta, Royal, BlackMatter, LockBit, AvosLocker, HelloKitty, REvil, Hive, and RansomEXX, unveiled their respective Linux ransomware encryptors aimed at compromising VMware ESXi servers.
VMware ESXi servers subjected to Akira for Linux ransomware attacks
BleepingComputer reports that VMware ESXi servers have been targeted with a Linux version of the Akira ransomware, which malware analyst rivitna first identified.
Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and one million scam signals from Google.