Cloud Security, Ransomware

VMware ESXi targeting by SEXi ransomware continues under new name

Share
VMware logo close up on website page

Numerous organizations had their VMware ESXi servers persistently targeted by the SEXi ransomware operation under the APT INC banner since last month, reports BleepingComputer.

Attacks by APT INC were noted by cybersecurity researcher Rivitna to continue involving the use of the leaked Babuk ransomware encryptor for virtual machine-related files upon successfully infiltrating VMware ESXi servers. Impacted organizations are then given random name assignments for ransom notes and encrypted file extensions, with the former found to contain demands ranging from tens of thousands to millions of dollars, as well as have a session address identical to the one in SEXi ransom notes. Such a development comes months after the SEXi ransomware gang, which emerged in February, launched a widespread attack against the VMware ESXi servers of Chilean hosting provider IxMetro Powerhost. Every encrypted customer was demanded two bitcoins each by the attackers, said IxMetro Powerhost CEO Ricardo Rubem.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.