New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (thehackernews.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 19 Nov 2024 12:48
https://sh.itjust.works/post/28316421

#cybersecurity

threaded - newest

horse_tranquilizers@sh.itjust.works on 19 Nov 2024 15:25 collapse

What is exactly is “expands” in this context? Like, isnt it a bunch of different ways to encrypt a filesystem in AES-256 or am I thinking simplistic?

01189998819991197253@infosec.pub on 21 Nov 2024 02:38 collapse

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus.

“Helldown deploys Windows ransomware derived from the LockBit 3.0 code,” Sekoia said in a report shared with The Hacker News. “Given the recent development of ransomware targeting ESX, it appears that the group could be evolving its current operations to target virtualized infrastructures via VMware.”

Basically, it was historically a windows malware, and it has expanded its attack surface to include Linux.