Linux version of HelloKitty ransomware targets VMware ESXi
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware’s ESXi virtual machine platform for maximum damage, BleepingComputer reports.
Security researcher MalwareHunterTeam found numerous Linux ELF64 versions of the HelloKitty ransomware targeting ESXi servers and the virtual machines running on them. BleepingComputer analyzed samples of this new variant and confirmed that the malware attempts to shut down virtual machines running on the targeted servers to encrypt files, preventing the files from being locked, according to SecurityAffairs. Once the machines are shut down, the ransomware will encrypt files.