REvil, a well-known ransomware group, will now conduct its operations with a Linux encryption system that targets and encrypts virtual Vmware ESXi machines, making it easier for the group to encrypt many servers simultaneously with a single command.
Vitali Kremez of Advanced Intel explained in an interview with Bleeping Computer that the new REvil Linux variant is an ELF64 executable that contains the same configuration options used by the more common Window Executable.
For Wosar “The reason why most ransomware groups implemented a Linux-based version of their ransomware is to target ESXi specifically”
For more information, read the original story in Bleeping Computer.