
New MichaelKors Ransomware Targets ESXi and Linux

Because of VMware’s popularity in the virtualization field and its prominence in many organizations’ IT systems, its virtual infrastructure products have become highly attractive targets for attackers. The increase in attacks is due to a lack of security tools, inadequate network segmentation of ESXi interfaces, and vulnerabilities in ESXi that are exploited in the wild (ITW).

New Ransomware Targeting ESXi Detected in the Wild

In April 2023, CrowdStrike Intelligence discovered a new RaaS program called MichaelKors that delivers ransomware binaries to target Windows and ESXi/Linux systems. Other RaaS tools, such as Nevada ransomware, have also been developed to target ESXi environments.


MichaelKors appears to be a ransomware-as-a-service project. RaaS is a business model developed by ransomware operators to attract affiliates. This model allows affiliates to pay malware creators to launch ransomware attacks. RaaS is based on the popular software-as-a-service IT business model, taking its name and concept from that model.

MichaelKors is not the first ransomware to target ESXi and Linux servers. Other recent examples include ESXiArgs, Luna, and CheersCrypt.




In February 2023, CERT-FR reported that the ESXiArgs ransomware campaign was actively exploiting two vulnerabilities, CVE-2020-3992 and CVE-2021-21974, targeting unsecured VMware ESXi hypervisors. These vulnerabilities allow an unauthenticated, network-adjacent adversary to execute arbitrary code on affected VMware ESXi instances. Although the vulnerability was already known, this is the first time CVE-2021-21974 has been exploited in the wild (ITW). This is due to the lack of security tools and support for ESXi, CrowdStrike pointed out.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
