BERT Ransomware Forcibly Shut Down ESXi Virtual Machines to Disrupt Recovery

New ransomware group employs advanced virtualization attack tactics to maximize damage and hinder organizational recovery efforts.

A newly emerged ransomware group known as BERT has introduced a particularly disruptive capability that sets it apart from traditional ransomware operations: the ability to forcibly terminate ESXi virtual machines before encryption, significantly complicating recovery efforts for targeted organizations. 

First observed in April 2025, BERT (tracked by Trend Micro as Water Pombero) has quickly established itself as a serious threat to virtualized environments across Asia, Europe, and the United States.

…

https://share.google/KsswjV2ejJhjNApcV