Microsoft: Scattered Spider Widens Web With RansomHub & Qilin

July 16, 2024 at 05:27PM Microsoft’s Threat Intelligence Team warns of Octo Tempest, also known as Scattered Spider, adding RansomHub and Qilin to its attack arsenal. The threat actor uses sophisticated social engineering, identity compromises, and targets VMware ESXi servers. Notably, it is behind major ransomware attacks on Caesars Palace and MGM Entertainment. The group … Read more

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

July 15, 2024 at 11:26AM APT INC, formerly known as SEXi ransomware operation, has targeted various organizations using Babuk and LockBit 3 encryptors to attack VMware ESXi servers and Windows. The threat actors have gained attention for attacking IxMetro Powerhost and continue to operate with ransom demands ranging from tens of thousands to millions. Unfortunately, … Read more

UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs

June 20, 2024 at 01:49PM Threat actor UNC3886, suspected to be Chinese, uses open-source rootkits like ‘Reptile’ and ‘Medusa’ on VMware ESXi virtual machines to conduct credential theft, command execution, and lateral movement. Mandiant tracked UNC3886’s attacks on government organizations and revealed their recent use of rootkits, custom malware tools, and attacks targeting various industries … Read more

Mallox Ransomware Variant Targets Privileged VMware ESXi Environments

June 6, 2024 at 01:59PM The Mallox ransomware group has introduced a new Linux variant that targets VMware ESXi environments. This variant uses a custom shell to execute ransomware on virtualized systems with high-level user privileges. The group has targeted various sectors and is now active in Taiwan, India, Thailand, and South Korea. Organizations are … Read more

Linux version of TargetCompany ransomware focuses on VMware ESXi

June 5, 2024 at 07:19PM A new Linux variant of TargetCompany ransomware targets VMware ESXi environments using a custom script to execute payloads, exfiltrate data, and drop a ransom note. Trend Micro reports the ransomware encrypts specific file extensions, attributes the attacks to an affiliate named “vampire,” and provides recommendations for defense. The operation’s shift … Read more

TargetCompany’s Linux Variant Targets ESXi Environments

June 5, 2024 at 05:56AM A new Linux variant of TargetCompany ransomware has been discovered, using a custom shell script to deliver and execute the payload, as well as exfiltrate victim information. This variant also targets VMware ESXi environments, potentially increasing the impact and chances of ransom payment. Trend Micro has observed increased activity of … Read more

The Week in Ransomware – April 5th 2024 – Virtual Machines under Attack

April 5, 2024 at 06:04PM Numerous enterprises have fallen victim to ransomware attacks on virtual machine platforms, causing widespread disruption and loss of services. Attackers targeted companies like Panera, Omni Hotels, and IxMetro Powerhost, encrypting their virtual machines and demanding ransom. The attacks highlight the vulnerability of virtual machine platforms and the importance of robust … Read more

Chilean hosting firm’s VMware ESXi servers hit by new SEXi ransomware

April 3, 2024 at 06:02PM Chilean data center and hosting provider IxMetro Powerhost fell victim to a ransomware attack by a new gang called SEXi, impacting VMware ESXi servers and backups. The CEO stated that negotiations with the attackers are discouraged, and the ransom demand equates to $140 million. PowerHost is working with security agencies … Read more

Linux version of Qilin ransomware focuses on VMware ESXi

December 3, 2023 at 04:11PM Security researchers discovered an advanced Linux encryptor made by the Qilin ransomware gang targeting VMware ESXi servers. This customizable encryptor focuses on virtual machine encryption and snapshot deletion while offering a wide range of command-line options for operational flexibility. Qilin, which emerged from the “Agenda” operation, conducts double-extortion attacks and … Read more

Windows Server 2022 update gave ESXi host VMs the blue screen blues

November 16, 2023 at 10:52AM Microsoft’s Ignite event will likely not address the problematic Windows Server 2022 Virtual Machines caused by the KB5031364 October update. The update caused issues with starting VMs on VMware ESXi hosts. Microsoft released a fix in November’s update, KB5032198. Administrators had workarounds before the fix, and users expressed disappointment in … Read more