mastodonien.de

nerdculture.de

Time                   Users     Delta   Toots        TNR     Title                     Version  maxTL
Tue 23.07.2024 00:00:03    7.214       0      606.564    84,1 NerdCulture               4.2.10   1.000
Mon 22.07.2024 00:01:25    7.214       0      606.028    84,0 NerdCulture               4.2.10   1.000
Sun 21.07.2024 00:01:09    7.214      +1      605.552    83,9 NerdCulture               4.2.10   1.000
Sat 20.07.2024 00:00:00    7.213      +1      605.193    83,9 NerdCulture               4.2.10   1.000
Fri 19.07.2024 13:58:59    7.212      -7      604.919    83,9 NerdCulture               4.2.10   1.000
Thu 18.07.2024 00:01:10    7.219      +1      604.296    83,7 NerdCulture               4.2.10   1.000
Wed 17.07.2024 00:01:12    7.218       0      603.750    83,6 NerdCulture               4.2.10   1.000
Tue 16.07.2024 00:01:11    7.218      +1      603.122    83,6 NerdCulture               4.2.10   1.000
Mon 15.07.2024 00:01:11    7.217       0      602.695    83,5 NerdCulture               4.2.10   1.000
Sun 14.07.2024 00:00:03    7.217       0      602.204    83,4 NerdCulture               4.2.10   1.000

Tue 23.07.2024 14:39

New Linux Variant of Play Ransomware targeting VMware ESXi Systems

IT-security company Trend Micro, whose analysts spotted the new ransomware variant, says the locker is designed to first check whether it's running in an ESXi environment before executing and that it can evade detection on Linux systems.

trendmicro.com/en_us/research/

The IT-security firm's analysis of a Linux variant of Play comes from a RAR archive file hosted on an IP address (108.61.142[.]190), which also contains other tools identified as utilized in previous attacks such as PsExec, NetScan, WinSCP, WinRAR, and the Coroxy backdoor.

[ImageSource: Trend Micro]

Play ransomware Linux attack flow

This has been a known trend for years now, with most ransomware groups shifting focus towards ESXi virtual machines after enterprises switched to using them for data storage and hosting critical applications due to their much more efficient resource handling.

[ImageSource: Trend Micro]

Play ransomware Linux console ransom note

It will also drop a ransom note in the VM's root directory, which will be displayed in the ESXi client's login portal (and the console after the VM is rebooted).

[Public] Replies: 0 Boosts: 3 Favs: 0 · via Metatext
