Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose.
This week, BleepingComputer analyzed the Linux encryptor for Abyss Locker and illustrated how it was specifically designed to encrypt ESXi virtual machines.
Other ransomware operations with ESXi encryptors include Akira, Royal, Black Basta, LockBit, BlackMatter, AvosLocker, REvil, HelloKitty, RansomEXX, and Hive.
Quite a bit of research was released this week as well, with cybersecurity firms and researchers releasing reports on:
- Ransomware’s impact on industrial organizations and infrastructure.
- A study examining cyber insurance’s role in addressing the threats posed by ransomware.
- Three reports from KELA on Qilin, the new Knight 2.0 RaaS, and Akira.
- A tool to exploit DLL hijacking flaws in ransomware to prevent encryption.
Regarding ransomware or extortion attacks, EY and Serco sent data breach notifications for the Clop MOVEit attacks.
Hospitals run by Prospect Medical Holdings were also impacted this week by a ransomware attack on the parent company. However, it is unclear what gang is behind the attack.
Finally, Argentina’s Comprehensive Medical Care Program (PAMI) suffered a ransomware attack that impacted its operations.
Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @Seifreed, @malwrhunterteam, @demonslay335, @serghei, @malwareforme, @LawrenceAbrams, @BleepinComputer, @Ionut_Ilascu, @Fortinet, @malvuln, @Intel_by_KELA, @DragosInc, @MrJamesSullivan, @pcrisk, and @juanbrodersen.