The Clop ransomware group has begun attacking Linux based systems, on an experimental basis with a new form of ransomware the group has developed. Researchers at SentinelOne found the new variant being used in the wild, but a flawed encryption process suggests the variant is still in the developmental stage and not fully released. This new version is not a direct copy of the Windows version, which is likely why it has taken so long and has the flawed encryption process.
Analyst Notes
Ransomware groups are always working to find new targets and develop new strains of ransomware that will increase their target lists and maximize their profits. With lots of companies moving to cloud-based computing, most of it being run on Linux, this shift from Clop is not unexpected. A number of ransomware operations are now targeting vulnerable VMWare ESXi servers, thousands of which have recently transitioned to end-of-life status and are no longer receiving official security updates.
https://www.zdnet.com/article/this-notorious-ransomware-is-now-targeting-linux-systems-too/
