Play Ransomware Group is Targeting VMWare ESXi Environments

 

Play ransomware is the latest ransomware gang to launch a specific Linux locker for encrypting VMware ESXi virtual machines. Trend Micro, whose analysts discovered the new ransomware variation, claims the locker is designed to verify whether it is operating in an ESXi environment before executing and can bypass detection on Linux systems.

“This is the first time that we’ve observed Play ransomware targeting ESXi environments,” Trend Micro stated. “This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations.”

This has been a well-known trend for years, with most ransomware organisations turning their focus to ESXi virtual machines after companies started using them for data storage and critical application hosting due to their far more effective resource management. Taking down an organization’s ESXi VMs will cause significant business disruptions and outages, whereas encrypting files and backups severely limits the victims’ ability to restore compromised data.

While examining this Play ranso

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: