Emerging Ransomware Gangs Target Linux, VMware, and U.S. Organizations
A new ransomware-as-service (RaaS) called MichaelKors is targeting Linux and VMware ESXi systems, making it the latest file-encrypting malware to do so. Cybercriminals are increasingly targeting ESXi, which is a highly attractive target for modern adversaries due to its popularity as a widespread and popular virtualization and management system. The targeting of VMware ESXi hypervisors with ransomware to scale such campaigns is a technique known as hypervisor jackpotting. To mitigate the impact of hypervisor jackpotting, organizations are recommended to avoid direct access to ESXi hosts, enable two-factor authentication, take periodic backups of ESXi datastore volumes, apply security updates, and conduct security posture reviews.