The HelloKitty ransomware group has been observed to use a Linux variant to target VMware’s ESXi virtual machine platform. They use the tactic known as double extortion, wherein they exfiltrate user information before encrypting their data.

This ransomware encrypts the data on your disk and can stop you from using your device or accessing your data. It encrypts files, renders them inaccessible, and demands payment for the decryption key.

For information about ransomware and other human-operated ransomware campaigns, read the following blog post: 

• Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself