BlackSuit functions as ransomware designed to encrypt files within a targeted system. It operates on both Windows and Linux platforms, including VMware ESXi.
Since June 2023, instances of Akira ransomware targeting Linux systems have been identified, tracing back their wider activities to April. The initial infection strategy entails exploiting vulnerabilities in publicly accessible services and applications.
In a striking departure from their previous focus on Latin American and European organizations, the HiatusRAT malware campaign has taken a notable shift in tactics, now directing its attention towards a reconnaissance attack on a server within the U.S. Department of Defense.
Monti represents a relatively new form of ransomware that targets Linux systems, encrypting their files and appending a ".puuuk" extension to them. There have been indications of potential Monti variations that are effective on Windows systems as well.
RedAlert ransomware or N13V ransomware targets both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The ransomware is named after a string in the ransom text, but the threat actors internally refer to it as N13V, which is the original name of this threat.