“The REvil update to support Linux broadens their attack vector tremendously; with a number of servers that are either Linux or based on Linux, they are no longer limited to a single operating system target and as such, can branch out into others easily,” said Shawn Smith, director of infrastructure at nVisium.

Other ransomware, such as RegretLocker, has already targeted ESXi hypervisors. “As we continue to modernize and become increasingly more reliant on virtual machines and containerized systems, we’ll start seeing more attacks targeting such systems, and more specifically, targeting the underlying infrastructure that they use to run; in this case, that’s ESXi,” said Smith.

Smith advises companies to “keep proper backups and well-tested recovery plans so if an attack like this one targets your systems, you’ve at least got resilient BCP and DR plans to help recover, monitor and manage moving forward.”
