New GwisinLocker ransomware encrypts Windows and Linux ESXi servers

This site generally doesn’t cover or announce new types of ransomware, but this one targets the healthcare sector, so…

Bill Toulas reports:

A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines.

The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means “ghost” in Korean. The actor is of unknown origin but appears to have a good knowledge of the Korean language.

Also, the attacks coincided with Korean public holidays and occurred during early morning hours, so Gwisin has a good grasp of the country’s culture and business routines.

Read more at Bleeping Computer.

About the author: Dissent
