This sneaky ransomware is now targeting Linux servers, too

One of the most prolific families of ransomware now has additional Linux and VMware ESXi variants that have been spotted actively targeting organisations in recent months.

Analysis by cybersecurity researchers at Trend Micro identified LockBit Linux-ESXi Locker version 1.0 being advertised on an underground forum. Previously, LockBit ransomware – which was by far the most active ransomware family at one point last year – was focused on Windows.

ZDNet Recommends

LockBit has a reputation as one of the most sneaky forms of ransomware. And now the Linux and VMware ESXi variant means that the ransomware could potentially spread itself even further, encrypting a wider variety of servers and files – and driving up the pressure for a victim to give in and pay a ransom for the decryption key. 

SEE: A winning strategy for cybersecurity (ZDNet special report)

“The release of this variant is in line with how modern ransomware groups have been shifting their efforts to target and encrypt Linux hosts such as ESXi servers,” said Junestherry Dela Cruz, threats analyst at Trend Micro.

“An ESXi server typically hosts multiple VMs, which in turn hold important data or services for an organization. The successful encryption by ransomware of

Read More: