{"id":2701,"date":"2021-06-28T17:50:02","date_gmt":"2021-06-28T15:50:02","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=2701"},"modified":"2026-06-08T23:02:32","modified_gmt":"2026-06-08T23:02:32","slug":"ransomware-virtual-servers","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/ransomware-virtual-servers\/","title":{"rendered":"Ransomware and Virtual Servers"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The notorious criminal group <strong>Pinchy Spider<\/strong>, known for its <strong>RaaS (Ransomware as a Service)<\/strong> offering REvil, has developed a new ransomware variant designated <strong>REvix<\/strong>, targeting Linux and ESXi environments. The new ransomware expands the attack surface available to affiliates and consequently increases opportunities for ransom demands.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ransomware objectives<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The ransomware has been engineered to target Linux-based and ESXi environments. The latter has been affected by multiple vulnerabilities in recent months, enabling attackers to execute remote commands with administrative privileges (<strong>CVE-2021-21972<\/strong>).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">REvix is distributed as a 64-bit <strong>ELF executable<\/strong> and can encrypt files on any Linux system with Intel x86-64 architecture capable of dynamically linking <strong>glibc 2.2.5<\/strong> or loading ELF files.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ESXi variant<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Like <strong>Pinchy Spider<\/strong>, other criminal groups have successfully developed ESXi-specific ransomware variants. 
Notable actors include <strong>Carbon Spider<\/strong>, known for the <strong>Darkside<\/strong> ransomware, and <strong>Sprite Spider<\/strong>, already established for its <strong>DEFRAY777<\/strong> ransomware capable of targeting ESXi environments.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The increasing adoption of virtualization platforms and systems has driven criminal groups to focus on infrastructure enabling such technology, particularly <strong>VMware<\/strong>. We tracked this shift as attackers recognize that <a href=\"https:\/\/fortgale.com\/en\/managed-detection-and-response\/\">Managed Detection and Response<\/a> capabilities remain inconsistently deployed across virtualization layers. Enhanced security posture in these environments is therefore necessary to mitigate consequences following ransomware deployment. The convergence of ransomware development toward hypervisor-targeting variants reflects the operational reality that compromised virtual infrastructure provides attackers with rapid lateral movement and mass encryption capabilities across multiple guest systems.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Virtualisation-aware ransomware variants: ESXi\/vCenter targeting, hypervisor-level encryption impact and detection recommendations for virtualised 
estates.<\/p>\n","protected":false},"author":1,"featured_media":1618,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[3278,3277,372,3279],"class_list":["post-2701","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-esxi-targeting","tag-hypervisor-ransomware","tag-vcenter","tag-virtual-infrastructure"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2701","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=2701"}],"version-history":[{"count":1,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2701\/revisions"}],"predecessor-version":[{"id":9899,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2701\/revisions\/9899"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=2701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=2701"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=2701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}