
Abyss Locker Ransomware Targets VMware’s ESXi Servers


A new strain of ransomware called Abyss Locker is causing concern among operators of industrial control systems (ICS), enterprises, and public-sector organizations. The gang behind it has developed a custom Linux encryptor that specifically targets VMware's ESXi virtualized environments, making it a significant threat in the current cybersecurity landscape.

According to research conducted by KELA, Abyss Locker was introduced in March as part of a double-extortion ransomware strategy. This approach involves encrypting data and then exfiltrating it, threatening to leak it if the victim refuses to pay the ransom. Recently, security researcher MalwareHunterTeam discovered Version 2 of Abyss Locker, which includes a Linux ELF encryptor variant designed explicitly for ESXi virtual machines. Analysis suggests that the group has so far targeted and claimed 14 victims.

The shift towards targeting ESXi platforms is part of a broader trend among ransomware collectives. The widespread use of ESXi, coupled with the absence of any third-party malware detection capability inside the hypervisor that manages the virtual machines, has made this technology an attractive target for ransomware operators. Prominent ransomware groups such as Akira, Black Basta, Cl0p, HelloKitty, IceFire, Hive, LockBit, MichaelKors, Royal, REvil, and others have all moved to Linux and are actively encrypting ESXi machines. This dangerous trend has been further fueled by the release of the Babuk source code, which is focused on compromising VMware environments. According to a report by SentinelOne, this release has led to at least 10 ESXi-ready ransomware variants.

Michael Gillespie, a well-known ransomware hunter, explained that the Linux encryptor used by Abyss Locker appears to be a variation of the older HelloKitty ransomware. HelloKitty has gained notoriety for its involvement in high-profile attacks, including the cyberattack on the popular game Cyberpunk 2077 over two years ago.

The emergence of ransomware strains like Abyss Locker and the increasing number of attacks on ESXi virtualized environments highlight the need for organizations to strengthen their cybersecurity defenses. Protecting critical infrastructure and sensitive data requires robust security measures, such as regular offline backups, network segmentation, multi-factor authentication, and comprehensive malware detection capabilities that cover the hypervisor layer, not just the guests. Additionally, organizations should stay informed about the latest cybersecurity threats, emerging trends, and data breach incidents to remain one step ahead of cybercriminals.
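Because the hypervisor itself carries no third-party malware detection, a compensating detective control is to check the datastore from the outside. The following Python script is an added example written for this article; it is not code from the article, from VMware, or from any of the researchers named above. It assumes that VM configuration and descriptor files (.vmx, .vmsd, .vmxf and small .vmdk descriptors) are plain text on a healthy datastore, so a copy that has become high-entropy, or that carries a foreign suffix appended after its VMware extension, is worth an alert. The datastore layout, file names and the `.EXAMPLE` suffix in the sample are constructed placeholders, and the entropy threshold is an assumed heuristic, not a value taken from the article.

```python
"""Datastore integrity check for ESXi VM files (added example, not the article's code).

Assumptions (not from the article): VM config/descriptor files are plain text,
flat disk extents are large binary files that must be skipped, and an unexpected
suffix after a VMware extension indicates a renamed (encrypted) file.
"""
import math
import random
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Files that should always be readable text on a healthy datastore.
TEXT_SUFFIXES = {".vmx", ".vmsd", ".vmxf", ".vmdk"}
# Known VMware suffixes (illustrative set); anything else appended after one is suspicious.
VMWARE_SUFFIXES = TEXT_SUFFIXES | {".vswp", ".vmsn", ".vmss", ".vmem", ".nvram", ".log", ".lck"}
ENTROPY_LIMIT = 7.0          # bits per byte; text config sits well below, ciphertext near 8
DESCRIPTOR_MAX = 64 * 1024   # a .vmdk larger than this is a flat extent, not a descriptor


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(path: Path) -> Optional[str]:
    """Return a finding for a suspicious file, or None if it looks normal."""
    suffixes = [s.lower() for s in path.suffixes]
    # e.g. db01.vmdk.EXAMPLE: a VMware extension followed by a foreign one
    if len(suffixes) >= 2 and suffixes[-2] in VMWARE_SUFFIXES and suffixes[-1] not in VMWARE_SUFFIXES:
        return f"appended extension {path.suffixes[-1]!r}"
    suffix = path.suffix.lower()
    if suffix not in TEXT_SUFFIXES:
        return None
    if suffix == ".vmdk" and path.stat().st_size > DESCRIPTOR_MAX:
        return None  # binary disk extent; entropy tells us nothing here
    ent = shannon_entropy(path.read_bytes())
    if ent > ENTROPY_LIMIT:
        return f"high entropy {ent:.2f} bits/byte in text file"
    return None


def scan_datastore(root: Path) -> Dict[str, str]:
    """Walk a datastore root and map relative path -> finding for every suspicious file."""
    findings: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict = classify(p)
            if verdict:
                findings[p.relative_to(root).as_posix()] = verdict
    return findings


def build_sample_datastore(root: Path) -> None:
    """Constructed sample: one healthy VM and one whose files were encrypted/renamed."""
    good = root / "web01"
    good.mkdir(parents=True)
    (good / "web01.vmx").write_text('.encoding = "UTF-8"\nconfig.version = "8"\ndisplayName = "web01"\n')
    (good / "web01.vmdk").write_text('# Disk DescriptorFile\nversion=1\ncreateType="vmfs"\n')
    (good / "vmware.log").write_text("vmx| I125: Log for VMware ESX\n")
    bad = root / "db01"
    bad.mkdir()
    rng = random.Random(1)  # deterministic stand-in for ciphertext
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    (bad / "db01.vmx").write_bytes(noise)            # config overwritten with ciphertext
    (bad / "db01.vmdk.EXAMPLE").write_bytes(noise)   # descriptor renamed with a placeholder suffix


def demo() -> Dict[str, str]:
    """Run the scan over the constructed sample datastore and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_datastore(root)
        return scan_datastore(root)


if __name__ == "__main__":
    for rel, why in demo().items():
        print(f"SUSPECT {rel}: {why}")
```

In production the scan would be pointed at the mounted datastore (for example a path under `/vmfs/volumes`, assumed here) from a scheduled job on a management host, with any finding forwarded to the SIEM; the entropy check is a heuristic and should be tuned against a baseline of the organization's own datastores before alerting is enabled.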

By staying vigilant, implementing proactive security measures, and collaborating with industry experts and cybersecurity professionals, organizations can mitigate the impact of ransomware attacks and safeguard their critical systems and data from the evolving threat landscape.
