LockBit ransomware gang targets Linux servers

A new version of LockBit ransomware is designed to encrypt files on Linux servers. This threat is specifically targeting ESXi servers, allowing attackers to compromise many virtual machines at once with just one successful attack against a physical server.

LockBit is one of the most prolific ransomware families, with over 200 victims listed on their leak site in the third quarter of 2021 after the emergence of LockBit 2.0 in July. LockBit was also responsible for the ransomware attack on Accenture, in which they allegedly demanded a ransom of $50 million from the company.

The new Linux variant of LockBit is harder to detect, but employs the same double-extortion tactics as LockBit 2.0 — stealing data before encrypting it, so that attackers can threaten the public release or sale of sensitive information if the victims refuse to pay. The LockBit gang is even offering a cut of the profits to individuals who are willing to give up their corporate credentials, in order to spread the ransomware more efficiently.

Acronis Cyber Protect protects your Linux systems with multi-layered detection engines to stop malware and Active Protection to prevent ransomware from encrypting your data.