Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers
According to researchers at MalwareHunterTeam, HelloKitty has joined a growing list of ransomware gangs targeting VMware ESXi. Researchers found a Linux encryptor used by the HelloKitty ransomware gang in an attack against videogame developer CD Projekt Red. The researchers reported that the attack, which occurred in February, targeted the organization’s VMware ESXi servers and the virtual machines running on them. As a result, a single hit in this type of attack can affect multiple virtual machines. The discovery marks the first time that researchers have observed the ransomware group using a Linux encryptor in an attack.
ESXi is not strictly Linux: it has its own custom kernel that is similar in nature and is able to run certain Linux executables. VMware ESXi is a bare-metal hypervisor that is easily installable onto servers, partitioning them into multiple VMs and facilitating hard-drive storage sharing. However, the downside of this design is that it also makes these systems desirable targets, as attackers can encrypt the centralized virtual hard drives and impair multiple VMs.