Chilean hosting firm’s VMware ESXi servers hit by new SEXi ransomware

April 3, 2024 at 06:02PM

Chilean data center and hosting provider IxMetro Powerhost fell victim to a ransomware attack by a new gang called SEXi, impacting VMware ESXi servers and backups. The CEO stated that negotiations with the attackers are discouraged, and the ransom demand equates to $140 million. PowerHost is working with security agencies and offering affected customers new VPS setups. The ransomware, known as SEXi, encrypts virtual machine files and has been targeting VMware ESXi servers since March 2023. The attack has also raised concerns about potential data theft for double extortion.

The key takeaways are as follows:

– PowerHost, a data center and hosting provider with locations in the USA, South America, and Europe, suffered a ransomware attack on their VMware ESXi servers and backups. This incident resulted in customer websites and services being down, with the company attempting to restore terabytes of data from encrypted backups.

– The ransomware gang known as SEXi demanded two bitcoins per victim, amounting to approximately $140 million in total. However, the CEO of PowerHost disclosed that law enforcement agencies unanimously recommended against negotiating with the threat actors due to the high likelihood of them disappearing after payment.

– To help impacted VPS customers bring their sites back online, PowerHost is offering to set up new VPS instances.

– The ransomware, known as SEXi, targets VMware ESXi servers and appends the .SEXi extension to encrypted virtual machine files. The ransom note instructs victims to download the Session messaging app and contact the threat actors at a listed address. It is also noted that the attackers are currently not stealing data for double extortion attacks through data leak sites.
