This sneaky ransomware is now targeting Linux servers, too


Level 37
Thread author
Top poster
Feb 4, 2016
LockBit is a hugely popular form of ransomware for cyber criminals targeting Windows - and now cybersecurity researchers have identified a Linux-ESXi variant of it in the wild.

One of the most prolific families of ransomware now has additional Linux and VMware ESXi variants that have been spotted actively targeting organisations in recent months.

Analysis by cybersecurity researchers at Trend Micro identified LockBit Linux-ESXi Locker version 1.0 being advertised on an underground forum. Previously, LockBit ransomware – which was by far the most active ransomware family at one point last year – was focused on Windows.

LockBit has a reputation as one of the most sneaky forms of ransomware. And now the Linux and VMware ESXi variant means that the ransomware could potentially spread itself even further, encrypting a wider variety of servers and files – and driving up the pressure for a victim to give in and pay a ransom for the decryption key.