The Helldown ransomware targets Linux systems and VMware servers, causing significant damage.

414/67 Thursday, November 21, 2024

The Helldown ransomware group is emerging as a new cyber threat, targeting Linux systems and VMware ESXi used across various industries. Recent attacks reveal that the group exploits vulnerabilities in Zyxel firewall devices to gain access to victims’ systems. According to Sekoia, Helldown may have taken advantage of an undisclosed vulnerability in Zyxel firewalls. Although Zyxel has released patches, specific details about the exploited vulnerability remain unclear.

Helldown employs sophisticated attack methods, focusing on stealing large amounts of sensitive data, including critical documents and personal information, which it uses as leverage for ransom demands. Since August, Helldown has claimed 31 victims, mostly in the United States, among organizations across multiple sectors. Additionally, the group employs techniques to cover its tracks, such as deleting tools used in the attacks and overwriting data on hard drives to hinder victims’ recovery efforts.

Experts recommend that system administrators regularly apply security patches, monitor for unusual activity, and treat virtual environments with the same level of caution as traditional systems. Helldown poses a serious and growing threat, causing widespread impact across various sectors.

Source: https://www.darkreading.com/cyberattacks-data-breaches/linux-variant-helldown-ransomware-targets-vmware