Royal Ransomware expands attacks by targeting Linux ESXi servers

Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers

Ransomware

Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Royal ransomware is following in the same path, a new variant targeting Linux systems emerged and we will provide a technical analysis on this variant in this blog.

By: Nathaniel Morales, Ivan Nicole Chavez, Byron Gelera February 20, 2023 Read time:  ( words)

Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. We predicted in September 2022 that ransomware groups will would increasingly target Linux servers and embedded systems in the coming years after detecting a double-digit year-on-year (YoY) increase in attacks on these systems in the first half of 2022. In May 2021 we reported ransomware variants of DarkSide and in May 2022 we found Cheerscrypt, specifically targeting the ESXi servers, which are widely used for server virtualization by enterprises.

Royal ransomware is following in the same path, a new variant targeting Linux systems emerged and we will provide a technical analysis on this variant in this blog. Royal’s Linux counterpart also targets ESXi servers, a target expansion which can create a big impact on victimized enterprise data centers and virtualized storage.

Royal ransomware was first observed in September 2022, and the threat actors behind it are believed to be seasoned cybercriminals

Read more