Numerous organizations had their VMware ESXi servers persistently targeted by the SEXi ransomware operation under the APT INC banner since last month, reports BleepingComputer.
Attacks by APT INC were noted by cybersecurity researcher Rivitna to continue involving the use of the leaked Babuk ransomware encryptor for virtual machine-related files upon successfully infiltrating VMware ESXi servers. Impacted organizations are then given random name assignments for ransom notes and encrypted file extensions, with the former found to contain demands ranging from tens of thousands to millions of dollars, as well as have a session address identical to the one in SEXi ransom notes. Such a development comes months after the SEXi ransomware gang, which emerged in February, launched a widespread attack against the VMware ESXi servers of Chilean hosting provider IxMetro Powerhost. Every encrypted customer was demanded two bitcoins each by the attackers, said IxMetro Powerhost CEO Ricardo Rubem.