
New Linux-Based Ransomware Dubbed Cheerscrypt Targets ESXi Devices


Researchers at Trend Micro have detected Cheerscrypt, a new Linux-based ransomware variant that has been targeting a customer’s ESXi server used to manage VMware files. In the past, ESXi servers were also attacked by other known ransomware families such as LockBit, Hive, and RansomEXX as an efficient way to infect many computers with ransomware.

The ransomware requires an input parameter specifying the path to encrypt so that it can proceed to its infection routine. In a blog post, researchers said that the termination of the VM processes ensures that the ransomware can successfully encrypt VMware-related files. Similar to other infamous ransomware families, Cheerscrypt employs the double extortion scheme to coerce its victim into paying the ransom.

ESXi is widely used in enterprise settings for server virtualization. It is therefore a popular target for ransomware attacks. According to researchers, compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices. Organizations should thus expect malicious actors to upgrade their malware arsenal and breach as many systems and platforms as they can for monetary gain.

To protect systems against similar attacks, Trend Micro Research recommends that organizations create security frameworks that systematically allocate resources based on an enterprise’s needs.
