Royal Ransomware Targets Linux Devices

by | Feb 6, 2023 | News

Royal Ransomware linux vmware esxi virtual machines

Post Views: 651

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 3 Minutes

Targeting Vmware ESXi virtual machines

Royal Ransomware is the latest ransomware operation to support the encryption of Linux devices, specifically targeting VMware ESXi virtual machines.
The Linux Royal Ransomware variant was discovered by the Equinix Threat Analysis Center and is executed using the command line.

It comes with support for multiple flags that allow the ransomware operators to control the encryption process. The ransomware appends the “.royal_u” extension to encrypted files on the VM.

Royal_Ransomware_ESXi_detections_VT

Detection score on VirusTotal

See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses

What is Royal Ransomware?

Royal Ransomware is a private operation comprised of threat actors who previously worked with the Conti ransomware operation.

The gang demands ransom payments ranging from $250,000 to tens of millions after encrypting their targets’ enterprise network systems.

In December, the US Department of Health and Human Services warned of Royal ransomware attacks targeting organizations in the healthcare sector. The shift towards targeting ESXi virtual machines aligns with a trend where enterprises have transitioned to VMs for improved device management and efficient resource handling.

Royal ransomware submissionsRoyal ransomware submissions (ID Ransomware)

Trending: Major Cyber Attacks of 2022

Trending: Recon Tool: ScopeHunter

Thousands of VMware ESXi servers reached EOF in October last year

Tens of thousands of VMware ESXi servers exposed on the Internet reached end-of-life in October and are now only receiving technical support, exposing them to ransomware attacks.

A new ransomware strain known as ESXiArgs was used to scan for and encrypt unpatched servers in a massive campaign targeting ESXi devices worldwide. Over 100 servers worldwide were compromised in just a few hours.

Trending: QNAP NAS Devices at Risk of Remote Malicious Code Injection

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This