Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

Linux version of HelloKitty ransomware targets VMware ESXi

network-security-freepik
July 19, 2021

The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware’s ESXi virtual machine platform for maximum damage, BleepingComputer reports.

Security researcher MalwareHunterTeam found numerous Linux ELF64 versions of the HelloKitty ransomware targeting ESXi servers and the virtual machines running on them. BleepingComputer analyzed samples of this new variant and confirmed that the malware attempts to shut down virtual machines running on the targeted servers to encrypt files, preventing the files from being locked, according to SecurityAffairs. Once the machines are shut down, the ransomware will encrypt files. 

Last month, MalwareHunterTeam also found a Linux version of the REvil ransomware that targets ESXi servers and used the esxcli command as part of the encryption process. Dirk Schrader, Global Vice President, Security Research at New Net Technologies (NNT), now part of Netwrix, a provider of change management software, explains, “The motivation in this isn’t Linux, it is the aspect that ESXi servers are such a valuable target, and that malware developers went that extra mile to add Linux as the origin of many virtualization platforms to their functionality. This welcomes the side effect of being able to attack any Linux machine. A single ESXi 7 server can host up to 1024 VMs, in theory, but for the attacker, it is the combination of several VMs and their importance that makes each ESXi server a worthy target. Attacking and encrypting a device that runs 30 or so critical services for an organization is promising results (ransom paid). For those operating ESXi, the best defense is to have tight monitoring in place that alerts about any change happening to the ESXi, its filesystem and configuration settings. It should be hardened anyway.”

However, the tricky part about defending against attacks like these, says Sean Nikkel, Senior Cyber Threat Intel Analyst at Digital Shadows, a San Francisco-based provider of digital risk protection solution, “which are already against a variety of software and hardware, means having a good baseline on what your assets are, how they’re patched, how they’re secured, what other dependencies they have, and who’s got access to them. It’s a laundry list of tasks to stay secured, but organizations must handle most or all of these best practices, addressing the low-hanging fruit, which is the favorite avenue of attack for threats. Otherwise, they may end up in the crosshairs of yet another ransomware attack.”

The increasing frequency of attacks on Linux and Linux-based systems can be attributed to the rising use of the virtual machine and containerized infrastructure since many of the underlying systems that power virtual machines and containers are running Linux-based operating systems, says Shawn Smith, Director of Infrastructure at nVisium, a Falls Church, Virginia-based application security provider.

“Attacking the infrastructure that houses VMs or containers can yield a much higher reward for time invested; for example, if you compromise a host that is hosting several other systems, you have effectively compromised all of those systems as well,” Smith adds. “Since attackers are now targeting Linux-based systems that house VM and container infrastructure, it’s relatively easy for them to adapt their malware to also attack normal Linux workstations and servers.”

Smith believes we’ll see “many more equal opportunity offenders that aren’t targeting specific kinds of systems but are targeting everything under the sun that they can profit from using such adaptable techniques.”

KEYWORDS: cyber security information security ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Laptop and monitor

    VMware ESXi flaw leveraged by BlackByte ransomware

    See More
  • Coding on monitor

    ESXi environments targeted with new Linux variant ransomware strain

    See More
  • cyber-security-freepik

    REvil ransomware group deploys Linux encryptor against EXSi virtual machines

    See More

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing