A ransomware operation known as Akira has been seen encrypting VMware ESXi virtual machines using a Linux encryptor after a couple of months of targeting Windows systems.
Major industries like education and finance have been in the crosshairs of the new ransomware, which has been encrypting stolen data from breached networks and marking compromised files with the .akira extension.
The double extortion attacks have seen some organizations receive demands to pay millions in return for their data, according to Bleeping Computer.
Akira ransomware could soon have even more victims
Targeting VMware’s ESXi servers means that gangs can target more than one VM in a single hit, making it a potentially lucrative operation should the victims pay up.
Comparing this VMware ESXi encryptor with others analyzed by the publication, Bleeping Computer says that Akira’s encryptors lack some advanced features, notably the automatic shutting down of VMs before encrypting files.
With the move to now threaten Linux users, more companies across the globe need to be on the lookout for signs of an attack, while simultaneously protecting their IT infrastructure from potential attacks.
According to a fresh Cyble report, 46 publicly disclosed victims have been announced since the attacks started in April 2023, with 33 located in the US.
Furthermore, the expansion to Linux is far from unique to Akira, with many ransomware operations now looking to broaden their scope in the hope of making their attacks more lucrative.
Potential victims should conduct regular backups, apply software updates as soon as they become available, and use trusted endpoint protection software. Those likely to have been affected by ransomware are being urged to take all measures possible to protect their data by removing external drives and detaching infected devices from their networks.