The Pay2Key ransomware group, linked to Iranian threat actors, has developed a Linux-targeted ransomware variant that actively attacks organizational servers, virtualization hosts, and cloud environments. This Linux-specific malware requires root privileges, disables key Linux security frameworks, and uses the ChaCha20 encryption algorithm to cause significant disruption to critical infrastructure, signaling a major shift in ransomware targeting strategy.
https://cybersecuritynews.com/linux-ransomware-pay2key-attacking-organizations-ervers/
