Technology

New ransomware group is hitting VMware ESXi systems hard

September 2, 2024

There is a new ransomware group out there, and it seems to be specifically targeting VMware’s ESXi hypervisors.

Cybersecurity researchers from Truesec have recently issued a warning about a threat actor called Cicada3301, which seems to be operating a ransomware encryptor of the same name.

The group looks to have picked up the name from the online cryptographic puzzle game that was popular roughly a decade ago, but other than that, there seems to be no connection between the two.

SLOW#TEMPEST

Truesec says that Cicada3301 has two encryptors, one for Windows devices, and another one for VMware ESXi. So far, the hackers successfully compromised 19 victims, as per the information on its data leak site, BleepingComputer reports.

The same source also states that Cicada3301 most likely kicked off its operations in the first week of June this year, and started recruiting affiliates of its own, at the end of the same month. It also argues that the decision to target ESXi environments means the group is out to “maximize damage in enterprise environments,” since enterprises usually pay better.

Further analyzing the encryptor, the researchers found plenty of overlap between Cicada3301 and ALPHV/BlackCat, suggesting that it’s either the same entity, just rebranded, or a fork built by affiliates. Those with longer memory will remember BlackCat, an infamous Ransomware-as-a-Service (RaaS) which allegedly “took the money and ran” after a successful attack on Change Healthcare.

In late February and early March this year, healthcare giant Change Healthcare was targeted by an ALPHV affiliate. The company allegedly paid $22 million in cryptocurrency, in exchange for the decryptor and its data. However, the money never made it to the affiliates who did the work. Instead, the RaaS operators took all of it and simply disappeared. They shut down the entire infrastructure, pulled everything and vanished into thin air.

The affiliate that breached Change Healthcare and was left holding a sizeable company archive, later rebranded as RansomHub and has since made a number of successful breaches.

More from TechRadar Pro

Facebook
Twitter
Pinterest
WhatsApp

Previous articleBiden claims Netanyahu not doing enough to secure deal with terrorists
Next articleWearing the eyes of Picasso Townsend wins third straight high jump gold medal at Paralympics

M Adam
https://technologiesandgadgets.com/

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar