Linux Version of Royal Ransomware Targets VMware ESXi Servers
![32.Lock Code Circular Esm W900](/images/articles/1200x667/32.Lock_Code_Circular-esm-w900.webp)
Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.
BleepingComputer has been reporting on similar Linux ransomware encryptors released by multiple other gangs, including Black Basta, LockBit, BlackMatter, AvosLocker, REvil, HelloKitty, RansomEXX, and Hive.
The new Linux Royal Ransomware variant was discovered by Will Thomas of the Equinix Threat Analysis Center (ETAC), and is executed using the command line.