New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus.

"Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group could be evolving its current operations to target virtualized infrastructures via VMware."

Helldown was first publicly documented by Halcyon in mid-August 2024, describing it as an "aggressive ransomware group" that infiltrates target networks by exploiting security vulnerabilities. Some of the prominent sectors targeted by the cybercrime group include IT services, telecommunications, manufacturing, and healthcare.

Like other ransomware crews, Helldown is known for leveraging data leak sites to pressure victims into paying ransoms by threatening to publish stolen data, a tactic known as double extortion. It's estimated to have attacked at least 31 companies within a span of three months.

The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices.

The Hacker News:
https://thehackernews.com/2024/11/new-helldown-ransomware-expands-attacks.html

BleepingComputer:
https://www.bleepingcomputer.com/news/security/helldown-ransomware-exploits-zyxel-vpn-flaw-to-breach-networks/

Infosecurity magazine:
https://www.infosecurity-magazine.com/news/helldown-ransomware-target-vmware/

#cybersecurity #helldown #ransomware