From blog.malwarebytes.com
BlackBasta, an alleged subdivision of the ransomware group Conti, just began supporting the encryption of VMware’s ESXi virtual machines (VM) installed on enterprise Linux servers. Because more and more organizations have begun using VMs for cost-effectiveness and easier management of devices, this change in tactic makes sense.