SEXi / APT Inc Ransomware – What You Need To Know – Cyber Tech

SEXi? Seriously? What are you talking about this time?

Don’t worry, I am not trying to conjure up images in your mind of Rod Stewart in his iconic leopard print trousers. Instead, I want to warn you about a cybercrime group that has gained notoriety for attacking VMware ESXi servers since February 2024.

Excuse me for not understanding, but what’s VMware ESXi?

ESXi is a hypervisor, allowing businesses that want to reduce costs and simplify administration to consolidate multiple servers onto a single physical machine.

ESXi is a popular choice with cloud providers and data centres that need to host thousands of virtual machines for their customers, but there are also use cases in healthcare, finance, education, and other sectors.

So the SEXi gang breaks into ESXi servers and encrypts the data?

That is correct. For instance, in April Chilean data centre and hosting provider IxMetro PowerHost had its VMware ESXi servers and backups encrypted. The attackers demanded a ransom of $140 million worth of Bitcoin.

140 million dollars? Sheesh!

It is quite a lot, isn’t it? Apparently, the ransomware group calculated the figure by demanding two Bitcoins for every PowerHost customer whose data had been encrypted.

PowerHost’s CEO says that he personally negotiated with the attackers, described the demand as “exorbitant”, and refused to pay up.

So how do you know if your computers have, err.. got SEXi?

Encrypted files have their filenames appended with “.SEXi”. Files related to virtual machines, such as virtual disks, storage, and backup images, are targeted.

In addition, a ransom note called SEXi.txt is dropped onto affected systems.

The ransom message tells victims to download the end-to-end encrypted messaging app Session, and contact the extortionists.
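The two file-level indicators described above (the “.SEXi” suffix on encrypted files and the SEXi.txt ransom note) are simple enough to sweep for with a script. The following is an added example, not code from the original article or from any vendor: it walks a directory tree, collects any encrypted files and ransom notes it finds, and summarises which virtual-machine file types were hit. The datastore path, the list of VM file extensions and the sample directory tree it builds are all assumptions constructed for the demonstration; on a real host you would point it at your datastore root instead.

```python
"""
Added example (not from the original article): scan a directory tree for the
file-level indicators the article describes -- encrypted files whose names end
in ".SEXi" and the "SEXi.txt" ransom note -- and summarise which VM-related
files were affected. The sample tree, the VM extension list and the datastore
path are constructed assumptions for demonstration purposes.
"""
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".SEXi"          # appended to encrypted filenames (from the article)
RANSOM_NOTE_NAMES = {"SEXi.txt"}    # ransom note filename (from the article)
# Common ESXi datastore file types; this list is an assumption, not from the article.
VM_EXTENSIONS = {".vmdk", ".vmx", ".vmsn", ".vmsd", ".vmem", ".nvram", ".log"}


def scan_datastore(root):
    """Walk `root` and return a report with the encrypted files, the ransom
    notes, and a count of which original VM file types were encrypted."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name in RANSOM_NOTE_NAMES:
                notes.append(path)
            elif name.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
    # Strip the appended suffix to recover the original filename and extension.
    original_ext = Counter(
        os.path.splitext(os.path.basename(p)[:-len(ENCRYPTED_SUFFIX)])[1].lower()
        for p in encrypted
    )
    vm_hits = {ext: n for ext, n in original_ext.items() if ext in VM_EXTENSIONS}
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "vm_file_types_hit": vm_hits,
        "infected": bool(encrypted or notes),
    }


def build_sample_tree(infected=True):
    """Construct a throwaway datastore layout (constructed sample data, not a
    real datastore). With infected=True one VM folder carries the indicators."""
    root = tempfile.mkdtemp(prefix="esxi_demo_")
    vm_dir = os.path.join(root, "datastore1", "web01")
    os.makedirs(vm_dir)
    hit_files = ("web01.vmdk.SEXi", "web01-flat.vmdk.SEXi", "web01.vmx.SEXi",
                 "vmware.log", "SEXi.txt")
    clean_files = ("web01.vmdk", "web01-flat.vmdk", "web01.vmx", "vmware.log")
    for name in (hit_files if infected else clean_files):
        with open(os.path.join(vm_dir, name), "w") as fh:
            fh.write("constructed sample content\n")
    clean_dir = os.path.join(root, "datastore1", "db01")
    os.makedirs(clean_dir)
    with open(os.path.join(clean_dir, "db01.vmdk"), "w") as fh:
        fh.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    report = scan_datastore(build_sample_tree())
    print("infected:", report["infected"])
    print("ransom notes:", report["ransom_notes"])
    print("VM file types hit:", report["vm_file_types_hit"])
    for path in report["encrypted_files"]:
        print("  encrypted:", path)
```

Run it against a real datastore root (for example the path under which your VM folders live) rather than the constructed sample tree; on a host that has been hit, the “vm_file_types_hit” summary tells you at a glance whether the virtual disks themselves were encrypted or only ancillary files, which is the first thing you need to know before deciding whether a restore from backup is required.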

Are there any known weaknesses in the encryption used in the SEXi attacks that could be used to recover your data without paying?

Unfortunately not, and so there are no freely available tools to recover encrypted data. Businesses hit by SEXi ransomware attacks have to hope that they have made a backup of critical data that has not been compromised by the cybercriminals.

None of this sounds very SEXi at all…

I agree. And maybe the attackers do too. From last month onwards they appear to have tried to rebrand themselves with the slightly less disturbing name of “APT Inc.” Which, of course, means an update to the ransom note, although not much has changed in the way the criminals operate.

What can my company do to better protect its VMware ESXi servers?

You can significantly strengthen the security of your VMware ESXi environment and protect valuable data by following these steps:

  • Update and patch your VMware ESXi systems against known vulnerabilities.
  • Disable the default root account and create separate user accounts, granting users only the permissions they need.
  • Ensure that passwords are strong, cannot be guessed or cracked, and are unique.
  • Proactively monitor and log events to detect potential security breaches.

For further advice, read VMware’s recommendations for securing ESXi.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.
