REvil ransomware now has a new tentacle for Linux machines. It has been caught encrypting VMware ESXi virtual machines. The Linux variant has almost the same functionality as its Windows counterpart.
REvil ransomware, also known as Sodinokibi, is ransomware that infects a system or network, encrypts files, and demands a ransom for decryption.
Sodin, Sodinokibi, REvil or BlueBackground ransomware encrypts user data with AES and then requires a ransom of 0.475–0.950 BTC to return the files. It exploits a zero-day, CVE-2018-8453, which was previously abused by an APT and was patched in the Oct 18 Patch Tuesday.