Royal Ransomware Expands Targets


The Royal Ransomware group has recently ramped up operations since first appearing last summer. In addition to increasing attacks against critical infrastructure and healthcare targets, it has also expanded to target Linux and VMware ESXi environments.

The group has recently launched a variant of its encryptor malware built in the form of executable and linkable format (ELF) binary.

Linux runs the back-end systems of many networks and container-based solutions, so it is an attractive attack surface for threat actors that are looking to take down critical operations.

VMware’s ESXi platform is pretty much a hacker’s dream offering up multiple ransomware campaigns targeting the virtualization platform in the past year alone. A compromise of one ESXi hypervisor could open the door to all the virtual machines (VMs) that it controls, without much effort.

Royal Ransomware has really upped both their number of attacks, as well as increased the variety of tools they are using. Organizations need to make sure they have security best practices implemented and keep the threat of ransomware at the forefront. Need help evaluating your security posture? Let 2W Tech help! We are a technology solutions provider specializing in solutions for the manufacturing industry. Our expert team of IT Consultants can help you in your security journey.

Back to IT News