02 July 21, 18:05
Quote: Cybercriminals behind a string of high-profile ransomware attacks, including one extorting $11 million from JBS Foods last month, have ported their malware code to the Linux operating system. The unusual move is an attempt to target VMware’s ESXi virtual machine management software and network attached storage (NAS) devices that run on the Linux operating system (OS).
Researchers at AT&T Cybersecurity said they have confirmed four Linux samples of the REvil malware in the wild.
Ofer Caspi, security researcher at Alien Labs, a division of AT&T Cybersecurity, wrote in a Thursday blog that after receiving a tip from MalwareHuntingTeam it identified the four samples.
“REvil ransomware authors have expanded their arsenal to include Linux ransomware, which allows them to target ESXi and NAS devices,” Caspi wrote.
In a nod to research by AdvIntel in early May 2021, which reported REvil’s intent to port its Windows-based ransomware to Linux, Caspi confirmed the Linux variant was spotted in May “affecting *nix systems and ESXi.”
“The samples are ELF-64 executables, with similarities to the Windows REvil executable, being the most noticeable among the configuration options,” he wrote.
Executable and Linkable Format (or ELF-64) is a standard file format for executable files within Linux and UNIX-like operating systems, according to a technical breakdown.
Read more: Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices | Threatpost
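The report identifies the samples as ELF-64 executables, and the first triage step on any such file is reading the ELF identification bytes. The script below is an added example, not code from the Threatpost article or from the Alien Labs report: it parses the ELF header (magic, EI_CLASS, EI_DATA, e_type, e_machine, e_entry) so a handler can sort a pile of suspect files into 32-bit vs 64-bit, executable vs shared object, and architecture. It goes a little beyond the article by handling ELF32 and big-endian headers too. The sample headers it runs on are constructed inside the script and imitate no real sample; the hypothetical helper names (`parse_elf_header`, `is_elf64_executable`, `build_header`) are mine.

```python
"""Minimal ELF header triage.

Added example: not the Threatpost article's or Alien Labs' code. The
headers under SAMPLES are constructed here for demonstration; none is a
real binary, let alone a REvil sample.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}
ELF_TYPE = {0: "NONE", 1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
ELF_MACHINE = {3: "x86", 21: "PPC64", 40: "ARM", 62: "x86-64", 183: "AArch64"}
HEADER_LEN = {1: 52, 2: 64}  # sizeof(Elf32_Ehdr), sizeof(Elf64_Ehdr)


def parse_elf_header(data: bytes) -> dict:
    """Decode e_ident plus e_type, e_machine and e_entry.

    Raises ValueError for non-ELF or truncated input so callers can tell
    "not an ELF" apart from "an ELF we could not classify".
    """
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file (bad magic or too short)")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in ELF_CLASS or ei_data not in ELF_DATA:
        raise ValueError("invalid EI_CLASS or EI_DATA in e_ident")
    if len(data) < HEADER_LEN[ei_class]:
        raise ValueError("truncated ELF header")
    endian = "<" if ei_data == 1 else ">"
    # e_type, e_machine and e_version follow the 16-byte e_ident in both classes.
    e_type, e_machine, _e_version = struct.unpack(endian + "HHI", data[16:24])
    # e_entry is 8 bytes in ELF64 and 4 bytes in ELF32.
    entry_fmt = endian + ("Q" if ei_class == 2 else "I")
    (e_entry,) = struct.unpack(entry_fmt, data[24:24 + struct.calcsize(entry_fmt)])
    return {
        "class": ELF_CLASS[ei_class],
        "data": ELF_DATA[ei_data],
        "type": ELF_TYPE.get(e_type, f"unknown({e_type})"),
        "machine": ELF_MACHINE.get(e_machine, f"unknown({e_machine})"),
        "entry": e_entry,
    }


def is_elf64_executable(data: bytes) -> bool:
    """True for ELF64 EXEC or DYN objects (PIE executables are e_type DYN)."""
    try:
        h = parse_elf_header(data)
    except ValueError:
        return False
    return h["class"] == "ELF64" and h["type"] in ("EXEC", "DYN")


def describe(data: bytes) -> str:
    """One-line summary in the style of `file(1)` output."""
    h = parse_elf_header(data)
    return f"{h['class']} {h['data']} {h['type']} {h['machine']} entry=0x{h['entry']:x}"


def build_header(ei_class: int, ei_data: int, e_type: int, e_machine: int, e_entry: int) -> bytes:
    """Construct a bare ELF header (test data only; no sections, no code)."""
    endian = "<" if ei_data == 1 else ">"
    e_ident = ELF_MAGIC + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    if ei_class == 2:
        body = struct.pack(endian + "HHIQQQIHHHHHH", e_type, e_machine, 1, e_entry,
                           64, 0, 0, 64, 56, 0, 64, 0, 0)
    else:
        body = struct.pack(endian + "HHIIIIIHHHHHH", e_type, e_machine, 1, e_entry,
                           52, 0, 0, 52, 32, 0, 40, 0, 0)
    return e_ident + body


# Constructed inputs, labelled by what each imitates.
SAMPLES = {
    "x86-64 executable": build_header(2, 1, 2, 62, 0x401000),
    "x86-64 PIE": build_header(2, 1, 3, 62, 0x1040),
    "32-bit ARM executable": build_header(1, 1, 2, 40, 0x8000),
    "big-endian PPC64 executable": build_header(2, 2, 2, 21, 0x10000000),
    "not ELF (MZ stub)": b"MZ" + b"\x00" * 62,
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        try:
            print(f"{label:30} {describe(blob)}  elf64-exec={is_elf64_executable(blob)}")
        except ValueError as exc:
            print(f"{label:30} {exc}")
```

Only the first 64 bytes matter here, so the same function works on a full binary read with `open(path, "rb").read(64)`; anything that fails the class/type check can be set aside before deeper analysis, and the ELF32 and big-endian cases show why reading EI_CLASS and EI_DATA before any other field is necessary rather than assuming x86-64.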