Black Basta Ransomware Targets ESXi Servers in Active Campaign

The Black Basta ransomware emerged last month targeting only Windows-based systems, but the latest ransomware binary now goes after VMware virtual machines (VMs).

The latest variant looks to encrypt VMs stored in the volumes folder (/vmfs/volumes) on ESXi-based systems and servers, according to research shared with Dark Reading by Uptycs. It encrypts the files with the ChaCha20 algorithm, researchers say, and runs the encryption across multiple threads to use multiple processors, making it faster and harder to detect.

“Provided that the resources on the servers are much more than on a normal system, using these kinds of mechanisms makes the ransomware work much faster for encrypting files,” explains Uptycs security researcher Siddharth Sharma.
