Researchers discovered a new Hive ransomware variant that encrypts Linux and FreeBSD systems. An earlier analysis of the Windows variant showed strong indicators that the group may be able to infect other operating systems. The latest research now confirms those suspicions. “Just like the Windows version, these variants are written in #Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate,” ESET Research Labs stated. Currently, the Linux variant appears to still be under development and not yet fully featured.
The research demonstrates that threat actors are evolving as organizations rapidly migrate to cloud environments, many of which run on Linux. Additionally, virtual machine platforms such as VMware ESXi, which is popular in enterprises, are targeted. By targeting virtual machines, the operators can encrypt multiple servers at once with a single command. However, as most organizations continue to use Windows, it remains the attack vector of choice.