By Cam Sivesind
Thu | May 4, 2023 | 9:06 AM PDT

The threat research team at Uptycs has discovered a new ransomware binary, RTM Locker, attributed to the RTM group, a known ransomware-as-a-service (RaaS) provider.

According to a post from Uptycs: "RTM Locker was identified during Uptycs' dark web hunting. Its malware is specifically geared toward ESXi hosts, as it contains two related commands. Its initial access vector remains unknown. Both asymmetric and symmetric encryption make it impossible to decrypt files without the attacker's private key."

The post adds, "This is the first time the group has created a Linux binary. Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code."
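The Uptycs quote above says the combination of asymmetric and symmetric encryption leaves files undecryptable without the attacker's private key. The following is an added example, not code from the Uptycs post or from RTM Locker (whose actual primitives and file format the article does not specify), showing the general hybrid scheme such lockers use: each file gets a fresh random symmetric key, the file body is encrypted with it, and that key is then wrapped with the attacker's public key while the plaintext key is discarded. The algorithm choices (AES-256-GCM, RSA-2048 with OAEP), the LockedFile struct, the sample content and all function names are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// LockedFile is what a hybrid-encryption locker leaves on disk in place of the
// original. The layout is assumed for this illustration, not RTM Locker's real format.
type LockedFile struct {
	WrappedKey []byte // per-file AES key, encrypted with the attacker's RSA public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM output, authentication tag included
}

// newAttackerKey generates the attacker's key pair (RSA-2048 is an assumed choice).
func newAttackerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// aeadFor builds an AES-256-GCM cipher for a 32-byte key.
func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// lockFile does what the locker does: fresh random symmetric key per file, encrypt the
// body with it, wrap that key with the attacker's public key, keep no plaintext copy.
func lockFile(attackerPub *rsa.PublicKey, plaintext []byte) (*LockedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := aeadFor(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, attackerPub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	// fileKey is dropped here; only the wrapped copy survives on disk.
	return &LockedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// unlockFile is the attacker's decryptor: unwrap the per-file key with the private key,
// then decrypt the body. Any other private key fails at the OAEP unwrap step.
func unlockFile(attackerPriv *rsa.PrivateKey, lf *LockedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, attackerPriv, lf.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, lf.Nonce, lf.Ciphertext, nil)
}

// unlockWithGuessedKey models the victim's position: ciphertext, nonce and wrapped key
// in hand, but no private key. A guessed key is rejected outright by the GCM tag check.
func unlockWithGuessedKey(lf *LockedFile, guess []byte) ([]byte, error) {
	gcm, err := aeadFor(guess)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, lf.Nonce, lf.Ciphertext, nil)
}

func main() {
	attacker, err := newAttackerKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample standing in for a VM disk on an ESXi datastore.
	plain := []byte("constructed sample: contents of /vmfs/volumes/ds1/vm1.vmdk")
	lf, err := lockFile(&attacker.PublicKey, plain)
	if err != nil {
		panic(err)
	}
	recovered, err := unlockFile(attacker, lf)
	fmt.Println("attacker's decryptor restores the file:", err == nil && bytes.Equal(recovered, plain))
	_, err = unlockWithGuessedKey(lf, make([]byte, 32))
	fmt.Println("victim with a guessed key:", err)
}
```

The practical consequence for responders: once the per-file key has been wrapped and the plaintext copy discarded, recovery depends on the attacker's private key, a flaw in the locker's implementation, or backups. A memory capture of a still-running locker process is the one narrow window in which an unwrapped key might still be found, which is an argument for isolating rather than powering off an affected host when forensics is an option.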

RaaS was brought up as a key problem during a recent BarCode podcast recorded at SecureWorld Philadelphia last month. Find the session recording on the BarCode website, on Apple Podcasts, or on YouTube.

David Lingenfelter, VP of Information Security at Penn Entertainment, said during the recorded panel session: "Ransomware is just one of those things that's not going away. The bad guys keep finding new ways to take advantage of it and use it. I mean, ransomware-as-a-service, we all have heard of that one by now. You basically go out and you rent your ransomware attacker and you rent the tools to get it done and to get it infiltrated into people's networks."

Jack Roehrig, Technology Evangelist at Uptycs, is speaking on a cloud security panel at SecureWorld Houston on May 18th, and Uptycs, whose platform connects insights across the modern attack surface, promotes teamwork, and tackles compliance, vulnerabilities, and threats, is sponsoring a Happy Hour at the end of the conference day.

See the Uptycs post for an FAQ section, answering questions such as:

•  How are RTM Locker and Babuk ransomware related?
•  Can the encrypted files be decrypted without the attacker's private key?

TechTarget offers this handy post answering the question, "What is ransomware-as-a-service (RaaS)?"
