A Linux variant of the Abyss Locker ransomware spreads on servers and encrypts data on virtual machines. The malware sends the data to the attackers before encrypting it, and the attackers threaten to make the files public.
VMware ESXi systems affected
The masterminds behind the ransomware started targeting businesses a few months ago. A new malware version has now emerged that targets Linux-based VM systems. The encryption Trojan contains components of the Hello Kitty ransomware and is designed to incapacitate VMware ESXi instances.
After the virtual machines running on the server are shut down, the program encrypts the virtual disks, metadata, and system states. The “.crypt” extension is appended to overwritten files. In a readme document, the hackers share the steps required for recovery.
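One way to scope the damage on a mounted datastore or a backup copy, as an added example that is not taken from the article: the script reports, per directory, files carrying the “.crypt” extension and any readme notes. The VMware file extensions, the "readme" filename match and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".crypt"  # extension named in the article
# Assumption: standard VMware file types standing in for the "virtual disks,
# metadata, and system states" the article mentions.
VM_FILE_KINDS = {".vmdk": "disk", ".vmsd": "metadata", ".vmsn": "state"}


def triage(root):
    """Walk root and summarise, per directory, encrypted files and notes."""
    report = defaultdict(lambda: {"encrypted": [], "intact": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        entry = report[os.path.relpath(dirpath, root)]
        for name in sorted(files):
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                # Strip the appended suffix to recover the original file name.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original.lower())[1]
                entry["encrypted"].append((original, VM_FILE_KINDS.get(ext, "other")))
            elif "readme" in lower:  # assumption: note file name contains "readme"
                entry["notes"].append(name)
            elif os.path.splitext(lower)[1] in VM_FILE_KINDS:
                entry["intact"].append(name)
    # Keep only directories that show at least one indicator.
    return {d: e for d, e in report.items() if e["encrypted"] or e["notes"]}


def build_sample(root):
    """Constructed sample tree: one affected VM folder, one untouched."""
    layout = {
        "vm-a": ["vm-a.vmdk.crypt", "vm-a.vmsd.crypt", "README.txt"],
        "vm-b": ["vm-b.vmdk", "vm-b.vmsn"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, entry in triage(tmp).items():
            print(directory, entry)
```

Directories that do not appear in the result showed neither indicator, which helps decide which virtual machines need to be restored from backup.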
Hackers publish data
Before the files are encrypted, all data is sent to an attacker’s server. The hackers threaten to release all information after a certain period of time. According to Bleeping Computer, a page containing the data of 14 affected companies can be accessed via the Tor Browser.
To regain use of the virtual machines and to prevent publication of the data, affected companies are told to pay a ransom of an unknown amount. For this purpose, they are sent a link to a darknet page, which can be used to negotiate with the hackers. Of course, this demand should not be complied with.
Since the data is encrypted and the key used is not known, there is currently no way to recover affected systems yourself. It is therefore advisable to reinstall compromised servers and restore backups. Paying the ransom does not guarantee that the masterminds will actually delete the stolen data.