Dark Reading reports that Abyss Locker has recently added the capability to target VMware’s ESXi virtualized environments for encryption, increasing risks for ICS owners and operators.
Abyss Locker was first observed in March of this year as part of double extortion campaigns but, according to the article, version 2 of the ransomware was discovered this month with this new capability. The group has already claimed 14 victims and has joined the Akira, Black Basta, Cl0p, HelloKitty, IceFire, Hive, LockBit, MichaelKors, Royal, and REvil ransomware groups in moving to Linux to encrypt ESXi machines. More ransomware groups will likely join this trend, which was probably jumpstarted by the release of Babuk’s source code. Members are encouraged to assess the risk to their virtual environments accordingly. Read more at Dark Reading.