Ransomware Gangs Target Linux, VMware in New Shift

Ransomware gangs target Linux systems with increasing frequency, shifting focus away from traditional Windows environments. Security researchers report a rise in Linux-native ransomware specifically crafted to exploit vulnerabilities in cloud infrastructure and virtualization platforms like VMware. This evolution reflects a strategic pivot by threat actors toward high-value enterprise targets.

As ransomware gangs target Linux environments, previously held assumptions about their security have created blind spots in enterprise defenses. Morphisec analysts have identified several ransomware strains, including Pay2Key and Helldown, expanding capabilities to attack VMware and Linux systems. BERT ransomware now utilizes ELF files to maximize disruption.

Attackers employ advanced techniques such as memory-based execution and fileless malware to avoid detection. These tactics leverage trusted Linux tools like Bash and cron, bypassing traditional antivirus solutions. Cloud and DevOps ecosystems remain especially vulnerable due to misconfigurations and permissions issues.

Read the full article for a detailed breakdown of these evolving threats:

Ransomware Gangs Actively Expanding to Attack VMware and Linux Systems