TechRadar
Craig Hale

There's now a Linux version of this dangerous VMware ransomware

A ransomware operation known as Akira has been seen encrypting VMware ESXi virtual machines using a Linux encryptor after a couple of months of targeting Windows systems.

Major industries like education and finance have been in the crosshairs of the new ransomware, which has been encrypting stolen data from breached networks and marking compromised files with the .akira extension.

The double extortion attacks have seen some organizations receive demands to pay millions in return for their data, according to Bleeping Computer.

Akira ransomware could soon have even more victims

Twitter user rivitna is credited with discovering the Linux version of the ransomware, having shared screenshots on the social media platform alongside a sample of the Linux encryptor on VirusTotal.

Targeting VMware’s ESXi servers means that gangs can target more than one VM in a single hit, making it a potentially lucrative operation should the victims pay up.

Comparing this VMware ESXi encryptor with others it has analyzed, Bleeping Computer says that Akira's encryptors lack some advanced features, notably the automatic shutting down of VMs before encrypting files.

Now that Akira also threatens Linux users, more companies across the globe need to be on the lookout for signs of an attack while also protecting their IT infrastructure.

According to a fresh Cyble report, 46 publicly disclosed victims have been announced since the attacks started in April 2023, with 33 located in the US.

Furthermore, the expansion to Linux is far from unique to Akira, with many ransomware operations now looking to broaden their scope in the hope of making their attacks more lucrative.

Potential victims should conduct regular backups, apply software updates as soon as they become available, and use trusted endpoint protection software. Those likely to have been affected by ransomware are being urged to take all measures possible to protect their data by removing external drives and detaching infected devices from their networks.
