detection icon

Short bio

Ransom.ELF.ESXi.Attacks is Malwarebytes’ detection name for attacks by ransomware groups on vulnerable ESXi systems

Malicious behavior

Ransom.ELF.ESXi.Attacks is an exploit against vulnerable ESXi Virtual Machines that tries to stop the virtual machines and encrypt them. Victims are then notified they need to buy the decryption keys.


Malwarebytes Nebula offers the Endpoint Agent for Linux machines. This agent is able to detect and remove Ransom.ELF.ESXi.Attacks.

Ransom.ELF.ESXi.Attacks detected

Business remediation

How to remove Trojan.MalPack.DLF with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

endpoint menu

Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.

Nebula detections
On the Quarantine page you can see which threats were quarantined and restore them if necessary.
Nebula Quarantaine