Dangerous 'Helldown' Ransomware Warning Expands to Linux and VMware
A dangerous ransomware strain called 'Helldown,' first discovered in the middle of this year on Windows, is now targeting VMware systems and Linux environments. This has caused serious concern among the global cybersecurity community, suggesting that the attackers behind the malware have found new ways to exploit vulnerabilities on various operating system platforms.
Helldown first gained attention in mid-2024, when it began targeting Windows systems across the globe en masse. The ransomware borrows its foundation from LockBit 3.0, another notorious ransomware family, and shares behavioral similarities with other malware strains like Darkrace and Donex. The latest Linux variant of Helldown is more dangerous in that it can also target VMware virtual machines (VMs), aiming to kill active VMs before encrypting them. Interestingly, however, researchers found that this feature is not yet fully functional, suggesting that it is still in development.
On the Windows side, Helldown's infection tactics are less refined than those of other advanced ransomware strains. For example, it uses batch files to terminate processes rather than more sophisticated embedding methods. Still, the focus on crippling virtual machines and encrypting data suggests the attackers are planning something more scalable and dangerous.
A key aspect of the Helldown ransomware attack chain is the use of vulnerabilities in Zyxel VPN devices. Specifically, it exploits CVE-2024-42057, a command injection vulnerability in IPsec VPNs that allows attackers to execute OS commands using crafted usernames. Attackers exploit such vulnerabilities to breach networks. Once inside, they use simple but effective tools to escalate privileges, disable security, and exfiltrate data.
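A defensive check for the crafted-username vector described above, as an added example that is not from the original article: it scans VPN authentication log lines for usernames that contain shell metacharacters or fall outside an account-name policy. The key=value log layout, the field names `user` and `src`, the allowed character set and the sample lines are all constructed assumptions, not Zyxel's actual log format.

```python
import re

# Characters a shell treats specially; none belong in a VPN account name.
SHELL_META = re.compile(r"""[;&|`$(){}<>\\'"\n\r]""")
# Assumed account-name policy: letters, digits, dot, dash, underscore, @.
ALLOWED = re.compile(r"[A-Za-z0-9._@-]{1,64}")
# Hypothetical key=value layout; adapt to the real format of your device logs.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Split one log line into a dict, unquoting quoted values."""
    fields = {}
    for key, val in FIELD.findall(line):
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1].replace('\\"', '"')
        fields[key] = val
    return fields


def suspicious_usernames(lines):
    """Return (line_no, source_ip, username, reason) for each flagged login."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        fields = parse_line(line)
        user = fields.get("user")
        if user is None:
            continue  # not an authentication event
        if SHELL_META.search(user):
            reason = "shell metacharacter"
        elif not ALLOWED.fullmatch(user):
            reason = "outside allowed charset"
        else:
            continue
        hits.append((line_no, fields.get("src", "?"), user, reason))
    return hits


# Constructed sample lines (documentation IP ranges, placeholder payloads).
SAMPLE_LOG = [
    'ts=2024-11-20T08:01:12Z svc=ipsec event=auth_fail src=198.51.100.7 user="alice"',
    'ts=2024-11-20T08:01:15Z svc=ipsec event=auth_fail src=203.0.113.9 user="bob;PLACEHOLDER_CMD"',
    'ts=2024-11-20T08:01:16Z svc=ipsec event=auth_fail src=203.0.113.9 user="carol$(PLACEHOLDER)"',
    'ts=2024-11-20T08:02:40Z svc=ipsec event=auth_ok src=198.51.100.7 user="dave smith"',
    'ts=2024-11-20T08:03:00Z svc=ipsec event=tunnel_up src=198.51.100.7',
]

if __name__ == "__main__":
    for hit in suspicious_usernames(SAMPLE_LOG):
        print(hit)
```
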
The Linux variant of Helldown is much less sophisticated than its Windows counterpart, lacking common evasion techniques like obfuscation. This simplicity suggests the malware is still in development, but it is still dangerous. Targeting VMs, on the other hand, allows ransomware operators to maximize their damage. By taking over VMs, they can disrupt critical operations in IT and other industries.
All activity of the malware is being closely observed. TipsMake.com will continue to update information about this ransomware strain, so please follow along.