
Cybercrime: Cheerscrypt is a new Linux ransomware targeting VMware ESXi servers

Cheerscrypt is a new Linux ransomware targeting VMware ESXi servers. Trend Micro cybersecurity experts: the malware employs the double extortion scheme and renames the files it will encrypt

Cheerscrypt is a new Linux ransomware targeting vulnerable VMware ESXi servers. It was disclosed by Trend Micro cybersecurity experts. The malware requires an input parameter specifying the path to encrypt before it can proceed to its infection routine. It terminates the VM processes to ensure that it can successfully encrypt VMware-related files. Like other cybercrime malware, Cheerscrypt employs the double extortion scheme to coerce its victims into paying the ransom, as shown in its ransom note. Successfully encrypted files carry the .Cheers extension. However, the ransomware renames each file before encrypting it, so if it has not been granted access permission for the file, it cannot proceed with the actual encryption. In each directory it encrypts, it drops a ransom note named “How to Restore Your Files.txt”.
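For responders, the two on-disk artifacts described above (the .Cheers extension and the per-directory ransom note) can be swept for directly. The following triage sketch is an added example, not code from Trend Micro or from this article. The entropy check, its threshold and the sample size are assumptions used only to separate files that look encrypted from files that were merely renamed; already-compressed data will also score high.

```python
import math
import os
import tempfile
from collections import Counter

RANSOM_NOTE = "How to Restore Your Files.txt"  # note name given in the article
ENC_EXT = ".cheers"       # extension given in the article, matched case-insensitively
SAMPLE_BYTES = 65536      # assumption: inspect only the head of each file
ENTROPY_THRESHOLD = 7.5   # assumption: bits/byte above which data looks encrypted

def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sweep(root):
    """Map each affected directory to its note flag and classified .Cheers files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"note": RANSOM_NOTE in files, "encrypted": [],
                 "renamed_only": [], "unreadable": []}
        for name in sorted(files):
            if not name.lower().endswith(ENC_EXT):
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                entry["unreadable"].append(name)  # report it, never skip silently
                continue
            high = shannon_entropy(sample) >= ENTROPY_THRESHOLD
            entry["encrypted" if high else "renamed_only"].append(name)
        if entry["note"] or any(entry[k] for k in ("encrypted", "renamed_only", "unreadable")):
            report[dirpath] = entry
    return report

if __name__ == "__main__":
    # Constructed sample tree: one random-looking file, one renamed-but-plain file.
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("vm1.vmdk.Cheers", os.urandom(SAMPLE_BYTES)),
                           ("vm1.log.Cheers", b"constructed log line\n" * 500),
                           (RANSOM_NOTE, b"constructed placeholder note")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        for directory, entry in sweep(root).items():
            print(directory, entry)
```

Files listed under `renamed_only` are candidates for recovery by renaming, but each one should be verified against a known-good copy or backup before it is trusted.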
