Shortly after hitting Colonial Pipeline, Darkside developers announced they would be closing operations. Nevertheless, researchers at AT&T Alien Labs have observed evidence that the group has completed a Linux version of its malware that is targeting ESXi servers hosting VMware virtual machines. To this point, the authors announced the Darkside 2.0 version with Linux capabilities.


“Linux and UNIX servers have always been a preferred option for servers and data centers, likely due to the small attack surface of the servers, tight configurations, and lack of user interaction,” said Ofer Caspi, security researcher for AT&T Alien Labs, part of AT&T Cybersecurity in a blog on the subject. “However, they are often set up and then forgotten, left without detection or protection mechanisms. This makes them very attractive to attackers. By infecting unprotected virtualization servers, attackers can perform devastating attacks on companies, taking down all the services of a company with a single infection.”


Unlike common Linux ransomware which mostly zip files with a password, Darkside encrypts files using crypto libraries. This likely makes recovery impossible without the encryption key, if properly implemented.


Caspi offered the following advice:

  1. Keep software up to date with security updates.
  2. Carefully monitor and manage suspicious emails.
  3. Use a backup system to backup server files.
  4. Install Antivirus and/or endpoint detection and response (EDR) in all endpoints.
  5. Make sure two-factor authentication is enabled in all services.


For more information and to see a full analysis, the blog can be found here:


The post AT&T Alien Labs researchers analyse Linux version of Darkside ransomware appeared first on IT Security Guru.

You May Also Like

Major Russian law firm is hacked; terabytes of stolen data

Anonymous hackers have claimed responsibility for a new cyberattack targeting a Russian…

How FBI tracked one the most famous and richest dark web vender and seized $34 million USD?

The U.S. Department of Justice (DOJ) announced the seizure of $34 million…

Black Cat ransomware shuts down Austria’s passport and transport departments after encrypting 3,000 computers

Black Cat ransomware group claims to have hacked some computer systems in…

Hackers easily stole millions of dollars from NFT platform OpenSea

Non-fungible token (NFT) trading platforms have become one of the main targets…