BlackSuit functions as ransomware designed to encrypt files within a targeted system. It operates on both Windows and Linux platforms, including VMware ESXi.
Since June 2023, instances of Akira ransomware targeting Linux systems have been identified, tracing back their wider activities to April. The initial infection strategy entails exploiting vulnerabilities in publicly accessible services and applications.
Monti represents a relatively new form of ransomware that targets Linux systems, encrypting their files and appending a ".puuuk" extension to them. There have been indications of potential Monti variations that are effective on Windows systems as well.
RedAlert ransomware or N13V ransomware targets both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The ransomware is named after a string in the ransom text, but the threat actors internally refer to it as N13V, which is the original name of this threat.
Lockbit Linux ESXi Ransomware uses a combination of Advanced Encryption Standard (AES) and elliptic curve cryptography (ECC) algorithms for data encryption. This variant could have a big impact on victim organizations because of how ESXi, VMware’s hypervisor helps in managing servers.