24.Key Code Esm W900

The Linux version of Qilin, a new ransomware strain that debuted in January, has been spotted in the wild. It's also one of the first ransomware families to target VMware ESXi.

Qilin targets users and organizations that run ESXi hypervisors. The malware encrypts files on connected USB devices with AES-256 encryption and a randomly generated RSA public key. It also creates an HTML file in each folder containing encrypted files containing instructions on paying the ransom and where to get decryption keys.

The malware doesn't appear very sophisticated and is likely not targeting any specific industry or organization; it's just another opportunistic infection for any user connecting a USB device infected with Qilin to their machine.

I found the article linked below very helpful in understanding the specifics of this attack, and I wanted to share it with you!