VMware ESXi servers impacted by Abyss Locker for Linux ransomware attacks

BleepingComputer reports that VMware ESXi servers have been subjected to attacks involving a Linux version of the Abyss Locker ransomware, making the operation, which only emerged in March, the latest to target VMware ESXi with a Linux encryptor, following the Akira, Black Basta, LockBit, Royal, REvil, and Hive ransomware groups, among others. Further analysis of Abyss Locker's Linux ELF encryptor, discovered by MalwareHunterTeam, revealed that it uses the "esxcli" command-line VMware ESXi management tool to identify and terminate available virtual machines, after which it encrypts the related virtual disks, metadata, and snapshots. All other files are then encrypted and given the .crypt extension, and a ransom note is created for every file. Although ransomware analyst Michael Gillespie noted that Abyss Locker's Linux encryptor used HelloKitty ransomware as a basis, the origins of the ransomware operation remain uncertain.
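
The enumerate-then-terminate use of esxcli described above leaves a recognizable pattern in command logs. The following added example (not from BleepingComputer, SC Media, or VMware) flags a shell session that lists VMs and then kills several of them within a short window; it matches esxcli's `vm process list` and `vm process kill` subcommands, which the article does not quote, and the log line layout, sample lines, thresholds and the function name `find_mass_vm_kills` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample; the "time shell[pid]: [user]: command" layout is an assumed format.
SAMPLE_LOG = """\
2023-07-30T01:00:00Z shell[1880]: [admin]: esxcli vm process list
2023-07-30T01:00:20Z shell[1880]: [admin]: esxcli vm process kill --type=soft --world-id=877
2023-07-30T02:14:05Z shell[2101]: [root]: esxcli vm process list
2023-07-30T02:14:06Z shell[2101]: [root]: esxcli vm process kill --type=force --world-id=1001
2023-07-30T02:14:07Z shell[2101]: [root]: esxcli vm process kill --type=force --world-id=1002
2023-07-30T02:14:08Z shell[2101]: [root]: esxcli vm process kill --type=force --world-id=1003
2023-07-30T02:14:09Z shell[2101]: [root]: ls /vmfs/volumes
"""

LINE_RE = re.compile(r"^(\S+)\s+shell\[(\d+)\]:\s+\[([^\]]+)\]:\s+(.*)$")
LIST_RE = re.compile(r"\besxcli\b.*\bvm\s+process\s+list\b")
KILL_RE = re.compile(r"\besxcli\b.*\bvm\s+process\s+kill\b.*--world-id[= ](\d+)")

def find_mass_vm_kills(log_text, window=timedelta(seconds=60), min_kills=3):
    """Flag sessions that list VMs, then kill >= min_kills distinct VMs within window."""
    sessions = {}  # (pid, user) -> {"listed": datetime or None, "killed": set of world IDs}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a shell command line
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # unexpected timestamp format: skip rather than crash
        state = sessions.setdefault((m.group(2), m.group(3)),
                                    {"listed": None, "killed": set()})
        cmd = m.group(4)
        kill = KILL_RE.search(cmd)
        if LIST_RE.search(cmd):
            state["listed"] = ts  # enumeration step seen
        elif kill and state["listed"] and ts - state["listed"] <= window:
            state["killed"].add(kill.group(1))  # termination soon after enumeration
    return [
        {"pid": pid, "user": user, "world_ids": sorted(st["killed"])}
        for (pid, user), st in sessions.items()
        if len(st["killed"]) >= min_kills
    ]

if __name__ == "__main__":
    for alert in find_mass_vm_kills(SAMPLE_LOG):
        print("possible pre-encryption VM shutdown:", alert)
```

A single soft kill by an administrator, as in the first constructed session, stays below the default threshold; tune `window` and `min_kills` to the host's normal maintenance activity.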
