Desire of SEXi Ransomware for VMware Hypervisors

Emergence of SEXi Ransomware Targeting VMware ESXi Servers – Latest Cyber Threat Analysis

A new variant of the Babuk ransomware, dubbed “SEXi,” has recently emerged targeting VMware ESXi servers in various countries. One notable victim of this cyberattack is IxMetro PowerHost, a Chilean data center hosting company. The attackers demanded a hefty ransom of $140 million, but the company’s CEO, Ricardo Rubem, has stated that they will not be paying.

Germán Fernández, a cybersecurity researcher at CronUp, confirmed the attack on PowerHost and revealed that the ransomware locked up the company’s servers using the .SEXi file extension. The initial access vector to the internal network is still unknown, adding to the mystery surrounding this cyber threat.

Further investigations by Will Thomas, a CTI researcher at Equinix, uncovered a binary related to the attack known as “LIMPOPOx32.bin,” which is believed to be a Linux version of Babuk. This malware has a 53% detection rate on VirusTotal, with 34 out of 64 security vendors flagging it as malicious since its upload on Feb. 8.

The emergence of SEXi ransomware highlights the convergence of two significant ransomware trends: the adaptation of malware from the Babuk source code and a growing interest in compromising VMware ESXi servers. The attackers behind SEXi have orchestrated a series of attacks in Latin American countries, utilizing different variants of the ransomware.

As the cyber threat landscape continues to evolve, it is crucial for organizations to secure their ESXi environments by following best practices recommended by experts. Implementing regular software patches, strengthening password security, monitoring network activities, and maintaining secure backups are essential steps in mitigating the risk of ransomware attacks targeting VMware ESXi servers.
