The LockBit ransomware family is one of the most widespread in the threat landscape. And now, with a variation aimed at Linux and VMware ESXi, it’s become even more hazardous. The ransomware, known as LockBit Linux-ESXi Locker version 1.0, was discovered on an underground forum.
Getting Into the Intricacies
For encryption, this new version employs a mix of AES and ECC methods.
LockBit 1.0 provides logging capabilities, including the ability to log processor statistics, virtual machines (VMs), total files, encrypted files and VMs, and time spent encrypting, among other things.
It also offers commands for encrypting virtual machine images on ESXi systems.
The ransom message, on the other hand, appears to be similar to those associated with LockBit. It includes a list of leak sites as well as a job posting for insiders looking to make millions of dollars in return for firm secrets.
Why is this significant?
LockBit’s new version allows it to extend further and secure a wider range of devices and information. As a result, victims will be under more pressure to pay the ransom. Furthermore, an ESXi server hosts multiple VMs, implying that effective encryption will have a significant impact on the victim businesses.
The Most Recent Incident
The ransomware gang claimed to have taken thousands of data from France’s Ministry of Justice.
The Ministry has 13 days to pay the ransom or the data would be leaked on February 10th, according to LockBit’s official website.
Not only that, but the organisation claims to have targeted large corporations in Germany, Spain, France, Italy, and the United Kingdom.
Last but not least
This latest LockBit version shows that the threat organisation is following in the footsteps of other ransomware families including REvil, BlackMatter, HelloKitty, AvosLocker, and Hive. Nonetheless, the LockBit RaaS’s popularity may lead to more widespread attacks and consequences for victims. While identifying ransomware on Linux is difficult, researchers warn that adopting sufficient security controls is the best way to keep protected from the increasing menace that is LockBit.
