Ransomware

VMware ESXi servers subjected to Akira for Linux ransomware attacks

BleepingComputer reports that VMware ESXi servers have been targeted with a Linux version of the Akira ransomware, which malware analyst rivitna first identified. BleepingComputer's analysis of Akira's custom Linux encryptor found that it supports a limited set of command line arguments and targets a plethora of file extensions, while excluding folders and files associated with Windows folders and executables. However, advanced functionality is limited in the new Akira for Linux encryptor. Meanwhile, a separate report from Cyble showed that the Linux version of Akira includes a public RSA encryption key and also uses AES, IDEA-CB, DES, CAMELLIA, and other symmetric key algorithms for encrypting files. Akira's increased targeting with its new Linux encryptor indicates the ransomware operation's growing threat. It comes after other ransomware gangs, including Black Basta, Royal, BlackMatter, LockBit, AvosLocker, HelloKitty, REvil, Hive, and RansomEXX, unveiled their own Linux ransomware encryptors aimed at compromising VMware ESXi servers.
