Security researchers have identified a new ransomware strain dubbed BlackNova that specifically targets VMware ESXi hypervisors. The malware exploits a recently patched vulnerability in ESXi's authentication mechanism to gain root access and encrypt virtual machine disk files.
Over 800 organizations across 14 countries have reported infections since BlackNova first appeared on April 10. The attackers demand ransoms ranging from 5 to 50 Bitcoin depending on the victim's estimated revenue, with a 72-hour countdown before threatening to publish stolen data.
