Play Ransomware’s Linux Variant Attacking VMware ESXi Servers

A new Linux variant of Play ransomware targets VMware ESXi environments. It encrypts virtual machine files and appends the “.PLAY” extension, relies on obfuscation techniques to evade detection, and was found compressed together with a Windows variant in a RAR archive.

The variant uses tactics similar to the Windows version: tools commonly associated with Play ransomware were present on the command-and-control server, which suggests that the Play ransomware group is expanding its attacks to Linux environments and potentially increasing the impact of its operations.

The infection chain of the Linux variant involves several tools. In the initial infection stage it verifies the environment by checking for ESXi-specific commands (vim-cmd and esxcli); if those commands are present, the ransomware proceeds with its malicious routine.
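As an added defender-side example (not code from the article or from the GBHackers write-up), the POSIX shell helpers below triage a datastore for VM files carrying the “.PLAY” suffix described above and summarize, per VM folder, which original file types were renamed. The datastore path layout and the sample file names are constructed assumptions; the script uses only find, awk and printf, which are available in the ESXi busybox shell.

```shell
#!/bin/sh
# Triage helper for an ESXi datastore (e.g. /vmfs/volumes/<datastore>):
# list VM files renamed with the ".PLAY" suffix and report, per VM folder,
# which original file types (vmdk, vmx, ...) were affected.
# Constructed example; the path layout is an assumption.

# Print one hit per line: "<vm-folder>\t<original-name>\t<encrypted-path>".
find_play_files() {
    root="$1"
    find "$root" -type f -name '*.PLAY' 2>/dev/null | while IFS= read -r f; do
        dir=$(dirname "$f")
        base=$(basename "$f" .PLAY)          # strip the ransomware suffix
        printf '%s\t%s\t%s\n' "$(basename "$dir")" "$base" "$f"
    done
}

# Number of ".PLAY" files under the given root (0 when the tree is clean).
count_play_files() {
    find_play_files "$1" | awk 'END { print NR }'
}

# Per-VM summary: how many files were renamed and which extensions they had,
# so an operator can see at a glance which VMs lost their vmdk/vmx files.
summarize_play_files() {
    find_play_files "$1" | awk -F'\t' '{
        n = split($2, p, "."); ext = (n > 1) ? p[n] : "(none)"
        count[$1]++; seen[$1 SUBSEP ext] = 1
    }
    END {
        for (vm in count) {
            exts = ""
            for (k in seen) {
                split(k, kk, SUBSEP)
                if (kk[1] == vm) exts = exts " " kk[2]
            }
            printf "%s: %d encrypted file(s), types:%s\n", vm, count[vm], exts
        }
    }'
}

# Example invocation (assumed datastore path):
#   summarize_play_files /vmfs/volumes/datastore1
#   [ "$(count_play_files /vmfs/volumes/datastore1)" -eq 0 ] || echo "ALERT"
```

A non-zero count is a strong signal to isolate the host and preserve the datastore before any recovery attempt, since the renamed files are the encrypted artifacts the article describes.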

Source: GBHackers
