LockBit Ransomware is Now Capable of Encrypting Linux Virtual Machines

LockBit ransomware, a prominent malicious group, is said to have added support for targeting Linux-based virtual machines, especially VMware servers.

As reported by Trend Micro researchers, LockBit's new support gives affiliates a simple command-line interface for managing the hijacked Linux VMware servers. They therefore warned security teams to be aware of the update and to guard their systems against Linux encryptors.

LockBit With Linux VM Support

LockBit is one of the few prominent ransomware groups that rose to popularity after the demise of the REvil gang last year. With notable victims to its name, LockBit ransomware has so far targeted only Windows machines. But now it is said to have added support that lets it encrypt Linux-based virtual machines too.

This applies in particular to VMware ESXi and vCenter installations, as reported by the Trend Micro researchers. The new encryptor uses AES to encrypt files and elliptic-curve cryptography (ECC) algorithms to encrypt the decryption keys.

While other ransomware groups have had this support for a long time, LockBit's addition stands out for its simple command-line utilities, which let affiliates check what kind of VMs their targets are using and shut them down easily.

Below are the features of LockBit's Linux encryptor:

| Command | Description |
| --- | --- |
| vm-support --listvms | Obtain a list of all registered and running VMs |
| esxcli vm process list | Get a list of running VMs |
| esxcli vm process kill --type force --world-id | Power off the VM from the list |
| esxcli storage filesystem list | Check the status of data storage |
| /sbin/vmdumper %d suspend_v | Suspend VM |
| vim-cmd hostsvc/enable_ssh | Enable SSH |
| vim-cmd hostsvc/autostartmanager/enable_autostart false | Disable autostart |
| vim-cmd hostsvc/hostsummary grep cpuModel | Determine ESXi CPU model |
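For security teams, the commands in the table above can be turned into a log check. The following Python sketch is an added example, not code from Trend Micro or from this article; it assumes command lines are recorded one per line in the layout shown in the comment, and the sample lines, PIDs and world ID are constructed.

```python
import re
from collections import defaultdict

# Patterns built from the commands in the table above, grouped by purpose.
PATTERNS = {
    "enumerate": [r"vm-support\s+--listvms", r"esxcli\s+vm\s+process\s+list",
                  r"esxcli\s+storage\s+filesystem\s+list",
                  r"vim-cmd\s+hostsvc/hostsummary"],
    "stop_vm": [r"esxcli\s+vm\s+process\s+kill\b.*--type[=\s]\s*force",
                r"/sbin/vmdumper\s+\d+\s+suspend_v"],
    "tamper": [r"vim-cmd\s+hostsvc/enable_ssh",
               r"vim-cmd\s+hostsvc/autostartmanager/enable_autostart\s+false"],
}
COMPILED = {c: [re.compile(p) for p in ps] for c, ps in PATTERNS.items()}

# Assumed layout: "<timestamp> shell[<pid>]: [<user>]: <command line>"
LINE = re.compile(r"^(\S+)\s+shell\[(\d+)\]:\s+\[([^\]]+)\]:\s+(.+)$")

# Constructed sample input, not taken from any real host.
SAMPLE = [
    "2022-01-27T09:00:01Z shell[1001]: [root]: esxcli vm process list",
    "2022-01-27T09:00:09Z shell[1001]: [root]: esxcli storage filesystem list",
    "2022-01-27T11:30:00Z shell[2002]: [root]: vm-support --listvms",
    "2022-01-27T11:30:05Z shell[2002]: [root]: vim-cmd hostsvc/autostartmanager/enable_autostart false",
    "2022-01-27T11:30:07Z shell[2002]: [root]: esxcli vm process kill --type=force --world-id=4242",
    "2022-01-27T12:00:00Z shell[3003]: [root]: vim-cmd hostsvc/enable_ssh",
]

def classify(cmd):
    """Return the categories whose patterns match one command line."""
    return {c for c, regs in COMPILED.items() if any(r.search(cmd) for r in regs)}

def scan(lines):
    """Group matches per shell session (pid) and rate each session."""
    sessions = defaultdict(lambda: {"cats": set(), "hits": []})
    for line in lines:
        m = LINE.match(line.strip())
        cats = classify(m.group(4)) if m else set()
        if cats:
            sessions[m.group(2)]["cats"] |= cats
            sessions[m.group(2)]["hits"].append(m.group(4))
    alerts = {}
    for pid, s in sessions.items():
        # Listing VMs or datastores alone is routine admin work: no alert.
        if "stop_vm" in s["cats"] and s["cats"] & {"enumerate", "tamper"}:
            alerts[pid] = ("high", s["hits"])
        elif "tamper" in s["cats"]:
            alerts[pid] = ("medium", s["hits"])
    return alerts
```

Calling scan(SAMPLE) rates session 2002 as high and session 3003 as medium, while the enumeration-only session 1001 raises nothing.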

LockBit works on a ransomware-as-a-service model, in which it rents its encrypting malware to hackers and shares the ransom earned from a victim with them. And since more and more organizations are moving to virtual machines to save hardware resources and simplify backups, their security teams and system admins should be aware of such updates in the ransomware industry.
