SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

July 15, 2024 at 11:26AM

APT INC, formerly known as the SEXi ransomware operation, has targeted various organizations, using Babuk and LockBit 3 encryptors to attack VMware ESXi servers and Windows. The threat actors gained attention for attacking IxMetro Powerhost and continue to operate, with ransom demands ranging from tens of thousands to millions. Unfortunately, file recovery options are limited. Source: BleepingComputer

The ransomware operation known as SEXi has rebranded to APT INC while continuing to target VMware ESXi servers using the Babuk and LockBit 3 encryptors. The attack on IxMetro Powerhost gained media attention and resulted in significant ransom demands. Researcher Will Thomas discovered other variants, named SOCOTRA, FORMOSA, and LIMPOPO, which are affiliated with the ransomware operation. Victims have been reaching out to BleepingComputer to share similar experiences of attacks by APT INC. The ransom demands from APT INC vary from tens of thousands to millions, with specific targets like IxMetro Powerhost facing demands of two bitcoins per encrypted customer. The Babuk and LockBit 3 encryptors are considered secure, with no known weaknesses, making it difficult to recover files without paying the ransom.