In January 2026, a new Linux variant of the Qilin ransomware (formerly Agenda) turned up in the wild, built specifically to hit VMware ESXi virtualization environments. It is one of the first ransomware families to focus this heavily on ESXi hypervisors, a target that keeps gaining appeal because encrypting a single host can take down dozens of virtual machines at once.
What it is and how it works
Qilin is a ransomware-as-a-service (RaaS) operation that launched as “Agenda” in August 2022 and rebranded to Qilin in September of the same year. The new sample is a cross-platform encryptor: when it runs, it checks whether it sits on Linux, FreeBSD or a VMware ESXi server and tailors its behavior to match.
The binary stands out for how flexible it is. It supports embedded configuration and command-line arguments that let the attacker turn on a debug mode, run a dry-run scan, choose whether to encrypt virtual machines and their snapshots, and tweak whitelists and blacklists of directories, file extensions and processes.
Who is affected
The main targets are VMware ESXi servers, along with Linux and FreeBSD systems. The encryptor goes after high-value directories (databases, virtualization storage and backups) while skipping critical system paths such as /boot/, /proc/ and /sys/ so it doesn’t break the host before encryption finishes. Once done, it appends a configured extension to files and drops a ransom note in each affected folder.
The most damaging part is how it treats virtual machines: before encrypting, it shuts down VMs and removes their snapshots using ESXi-specific commands such as esxcli and esxcfg-advcfg, something you rarely see in other ESXi encryptors. Wiping the snapshots makes recovering without paying the ransom far harder.
Severity
The impact is high. Qilin has been one of the most prolific ransomware groups, with hundreds of victims and ransom demands ranging from around $25,000 to several million dollars. Having the encryptor automatically power off virtual machines and wipe snapshots makes it an especially dangerous threat to data centers and providers that concentrate workloads on ESXi.
Mitigation and recommendations
There’s no specific vulnerability with a patch here, just an encryption tool dropped after initial access, so the defense has to run deep:
- Keep offline or immutable backups that can’t be reached from the ESXi host itself.
- Restrict and monitor administrative access to ESXi and vCenter; enforce multi-factor authentication.
- Enable ESXi lockdown mode and limit the SSH shell.
- Watch for unexpected execution of esxcli and esxcfg-advcfg commands and mass VM shutdowns.
- Apply VMware patches and segment the management network.
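As an added example of the last monitoring point (not code from the report or from any vendor), the script below scans ESXi shell-log lines for esxcli VM kills, esxcfg-advcfg changes and snapshot removal, and raises a separate alert when several VM kills land inside a short window. The log format, the sample lines, and the vim-cmd snapshot pattern (not named in the report) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the style of ESXi /var/log/shell.log (format is an assumption).
SAMPLE_LOG = """\
2026-01-14T03:12:01Z shell[1001]: [root]: esxcli vm process list
2026-01-14T03:12:03Z shell[1001]: [root]: esxcli vm process kill --type=force --world-id=2101
2026-01-14T03:12:04Z shell[1001]: [root]: esxcli vm process kill --type=force --world-id=2102
2026-01-14T03:12:05Z shell[1001]: [root]: esxcli vm process kill --type=force --world-id=2103
2026-01-14T03:12:06Z shell[1001]: [root]: esxcfg-advcfg -s 0 /Misc/BlueScreenTimeout
2026-01-14T03:12:07Z shell[1001]: [root]: vim-cmd vmsvc/snapshot.removeall 12
2026-01-15T09:00:00Z shell[2002]: [admin]: esxcli system version get
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) shell\[\d+\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.*)$")

# esxcli / esxcfg-advcfg come from the report; the vim-cmd snapshot pattern is an assumption.
WATCH = {
    "vm_kill": re.compile(r"^esxcli vm process kill\b"),
    "advcfg_change": re.compile(r"^esxcfg-advcfg -s\b"),
    "snapshot_removal": re.compile(r"^vim-cmd vmsvc/snapshot\.remove"),
}

def parse(log_text):
    """Yield (timestamp, user, command) for every line matching the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["user"], m["cmd"]

def analyze(log_text, window=timedelta(seconds=60), kill_threshold=3):
    """One alert per watched command, plus 'mass_vm_shutdown' once kill_threshold
    VM kills fall inside a single sliding window."""
    alerts, kills = [], []
    for ts, user, cmd in parse(log_text):
        for name, rx in WATCH.items():
            if rx.search(cmd):
                alerts.append({"type": name, "ts": ts, "user": user, "cmd": cmd})
        if WATCH["vm_kill"].search(cmd):
            kills.append(ts)
            kills = [k for k in kills if ts - k <= window]  # drop kills outside the window
            if len(kills) == kill_threshold:
                alerts.append({"type": "mass_vm_shutdown", "ts": ts,
                               "user": user, "count": len(kills)})
    return alerts
```

On the sample above, `analyze(SAMPLE_LOG)` yields three vm_kill alerts, a mass_vm_shutdown alert on the third kill, then the advcfg_change and snapshot_removal alerts; the routine admin line on the next day produces nothing.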