Ransomware: The trend is to attack Linux servers

ransomware the trend is to attack linux servers.jpg
ransomware the trend is to attack linux servers.jpg

Trend Micro sees growth in ransomware attacks in the first half of 2022. Linux environments are 75 percent more likely to be targeted than in the same period last year.


In the current security report, Trend Micro observes a 75 percent increase in ransomware attacks on Linux-based machines for the first half of 2022 compared to the first half of 2021. The Japanese security service provider thus sees forecasts in the “Midyear Cybersecurity Report” confirmed, in which one for predicted more attacks on servers, server components and related services in 2022. There seem to be more and more offers from RaaS groups (ransomware-as-a-service), especially for the ESXi hypervisor from VMware running on Linux.


Attacks on Linux systems are not an unknown phenomenon, Trend Micro sees the increase from 1121 in the first half of 2021 to 1961 in the first half of 2022 as the beginning of a trend in the coming years. The security company sees this confirmed by the appearance of several tools. The RansomEXX have been known for exploiting security vulnerabilities in ESXi since 2021, and the LockBit ransomware group also announced the LockBit Linux-ESXi Locker Version 1.0 tool last year. In May 2022, security companies discovered Cheerscrypt, which is designed to encrypt log files and other VMware files and can be used for blackmail attempts. Trend Micro warns that attacks on Linux servers in particular often affect company systems and thus also endanger critical infrastructure.



According to Trend Micro, zero-day vulnerabilities and critical bugs in particular are popular attack vectors. The number of zero-day security gaps has increased by 23 percent compared to the previous year, and the number of critical bugs by as much as 400 percent. According to Trend Micro, attackers like to use cloud tunneling in particular to route malware data traffic or to host phishing websites.

SEE ALSO  Android Auto in your Tesla: the curious device to change the operating system in a matter of minutes

Blackmail groups like LockBit are becoming more and more professional and provoke by announcing a bug bounty program for weak points in systems or traces of their own malware. Overall, the market for cybercrime in the form of services is growing rapidly and enjoying great popularity.

The security report can be found on Trend Micro’s website, as can the full Midyear Cybersecurity Report.