RedAlert ransomware or N13V ransomware targets both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The ransomware is named after a string in the ransom text, but the threat actors internally refer to it as N13V, which is the original name of this threat.
Lockbit Linux ESXi Ransomware uses a combination of Advanced Encryption Standard (AES) and elliptic curve cryptography (ECC) algorithms for data encryption. This variant could have a big impact on victim organizations because of how ESXi, VMware’s hypervisor helps in managing servers.
AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.