New RedAlert Ransomware targets Windows, Linux VMware ESXi servers
Security News, July 2022

A new ransomware operation called RedAlert, also known as N13V, is encrypting both Windows systems and VMware ESXi servers (the latter through a Linux encryptor) in attacks on corporate networks.
The Linux encryptor is built specifically for VMware ESXi servers and exposes command-line options that let the threat actors shut down any running virtual machines before encrypting files. Stopping the VMs first matters to the attacker: ESXi holds locks on the disk and swap files of a running VM, so the encryptor could not overwrite them otherwise, and every guest workload on the host goes down in one step.
When encrypting, the ransomware only targets files associated with VMware ESXi virtual machines: log files, swap files, virtual disks and memory files (on ESXi, the .log, .vswp, .vmdk, .vmem and .vmsn files that sit in each VM's directory on the datastore).
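An encryptor that stops every VM on a host before encrypting leaves a distinctive trace: a burst of power-off or kill commands in the ESXi shell history within a few seconds. The detection below is an added example, not code from the article or from the RedAlert operators. It assumes the `shell.log` line layout shown in the constructed sample (`<time> shell[pid]: [user]: <command>`), the `esxcli vm process kill` / `vim-cmd vmsvc/power.off` command patterns an operator would use from the ESXi shell, and a 60-second window with a threshold of three kills; tune those to your environment.

```python
"""Flag bursts of VM kill/power-off commands in an ESXi shell.log.

Added example, not code from the page or from the ransomware. Assumed: the
shell.log line layout used in the constructed sample, and the window and
threshold values.
"""
import re
from collections import deque
from datetime import datetime, timedelta

# Commands that stop a running VM from the ESXi shell.
KILL_PATTERNS = [
    re.compile(r"esxcli\s+vm\s+process\s+kill"),
    re.compile(r"vim-cmd\s+vmsvc/power\.off"),
]

# Constructed sample lines (not real log data) in the assumed layout:
# "<ISO-8601 time> shell[pid]: [user]: <command>".
SAMPLE_SHELL_LOG = """\
2022-07-05T10:12:30Z shell[2098923]: [root]: esxcli vm process list
2022-07-05T10:12:33Z shell[2098923]: [root]: esxcli vm process kill --type=force --world-id=2099087
2022-07-05T10:12:34Z shell[2098923]: [root]: esxcli vm process kill --type=force --world-id=2099104
2022-07-05T10:12:34Z shell[2098923]: [root]: esxcli vm process kill --type=force --world-id=2099131
2022-07-05T10:12:35Z shell[2098923]: [root]: esxcli vm process kill --type=force --world-id=2099160
2022-07-05T10:12:36Z shell[2098923]: [root]: esxcli vm process kill --type=force --world-id=2099177
2022-07-05T10:12:40Z shell[2098923]: [root]: cd /vmfs/volumes/datastore1
2022-07-05T11:05:02Z shell[2100411]: [root]: vim-cmd vmsvc/power.off 12
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+shell\[\d+\]:\s+\[(?P<user>[^\]]+)\]:\s+(?P<cmd>.*)$"
)


def parse_line(line):
    """Return (timestamp, user, command), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("user"), m.group("cmd")


def is_vm_kill(cmd):
    """True if the shell command stops a VM."""
    return any(p.search(cmd) for p in KILL_PATTERNS)


def find_kill_bursts(log_text, window=timedelta(seconds=60), threshold=3):
    """Return [(first_ts, last_ts, count)] for every run of VM kills where at
    least `threshold` kills fall inside a sliding `window`.

    One admin powering off one VM never trips this; an encryptor stopping
    every VM on the host within seconds does.
    """
    events = sorted(
        parsed[0]
        for parsed in map(parse_line, log_text.splitlines())
        if parsed and is_vm_kill(parsed[2])
    )
    bursts = []
    recent = deque()
    for ts in events:
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            # Extend the open burst instead of reporting every extra kill.
            if bursts and bursts[-1][1] >= recent[0]:
                bursts[-1] = (bursts[-1][0], ts, bursts[-1][2] + 1)
            else:
                bursts.append((recent[0], ts, len(recent)))
    return bursts


if __name__ == "__main__":
    for first, last, count in find_kill_bursts(SAMPLE_SHELL_LOG):
        print("%d VM kills between %s and %s" % (count, first, last))
```

On the constructed sample, the five `esxcli vm process kill` commands issued within three seconds are reported as one burst; the lone `vim-cmd vmsvc/power.off` almost an hour later is not. Ship the host's `shell.log` (and `auth.log`) to a central collector, because an encryptor that reaches the host can also delete local logs.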
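Because the encryptor rewrites the files that make up each VM, a quick triage on a datastore is to check whether those files still look like what they are supposed to be. The scanner below is an added example, not code from the article or from the ransomware. It assumes the datastore layout of one directory per VM, an entropy threshold of 7.5 bits per byte over the first 4 KiB, and the standard ESXi extensions for the file types the article names; the sample VM directory it builds is constructed for the demonstration.

```python
"""Triage ESXi VM files on a datastore for signs of encryption.

Added example, not code from the page or from the ransomware. Assumed: the
datastore layout, the entropy threshold and the constructed sample files.
"""
import math
import os
import random
import tempfile
from collections import Counter

# Extensions of the file types the article names: log, swap, virtual disk,
# memory, snapshot state.
VM_EXTENSIONS = {".log", ".vswp", ".vmdk", ".vmem", ".vmsn"}

# An intact .vmdk is a plain-text descriptor or a sparse extent with a magic
# number; "-flat.vmdk" raw extents have no header and are excluded below.
VMDK_MAGICS = (b"# Disk DescriptorFile", b"KDMV", b"COWD")
SAMPLE_LEN = 4096
ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext sits close to 8.0


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess_file(path):
    """Describe why a VM file looks tampered with, or return None.

    Two signals: a .vmdk that lost its expected header, and a header sample
    with ciphertext-like entropy. .vmem/.vswp can legitimately hold
    high-entropy pages, so for those treat entropy alone as a hint.
    """
    name = os.path.basename(path)
    ext = os.path.splitext(name)[1].lower()
    if ext not in VM_EXTENSIONS:
        return None
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_LEN)
    reasons = []
    if ext == ".vmdk" and not name.endswith("-flat.vmdk") \
            and not head.startswith(VMDK_MAGICS):
        reasons.append("vmdk header missing")
    ent = shannon_entropy(head)
    if ent >= ENTROPY_THRESHOLD:
        reasons.append("high entropy %.2f" % ent)
    if not reasons:
        return None
    return {"path": path, "ext": ext, "entropy": round(ent, 2), "reasons": reasons}


def scan_datastore(root):
    """Walk a datastore root (e.g. /vmfs/volumes/datastore1) and return findings."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in sorted(filenames):
            result = assess_file(os.path.join(dirpath, fn))
            if result:
                findings.append(result)
    return findings


def build_sample_datastore(root):
    """Write constructed sample files (not real VM data) under root.

    Returns the path of the file written to look like an encrypted descriptor.
    """
    vm_dir = os.path.join(root, "web01")
    os.makedirs(vm_dir, exist_ok=True)
    with open(os.path.join(vm_dir, "web01.vmdk"), "wb") as fh:
        fh.write(b"# Disk DescriptorFile\nversion=1\nencoding=\"UTF-8\"\n"
                 b"createType=\"vmfs\"\nRW 41943040 VMFS \"web01-flat.vmdk\"\n")
    with open(os.path.join(vm_dir, "vmware.log"), "wb") as fh:
        fh.write(b"2022-07-05T10:12:30.000Z| vmx| I005: constructed log line\n" * 40)
    # Stand-in for an encrypted descriptor: deterministic pseudo-random bytes.
    rng = random.Random(1337)
    bad = os.path.join(vm_dir, "db01.vmdk")
    with open(bad, "wb") as fh:
        fh.write(bytes(rng.getrandbits(8) for _ in range(SAMPLE_LEN)))
    return bad


def demo():
    """Build the constructed datastore in a temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="esxi-triage-")
    return build_sample_datastore(root), scan_datastore(root)


if __name__ == "__main__":
    for finding in demo()[1]:
        print(finding["path"], ", ".join(finding["reasons"]))
```

Run it against a mounted backup copy of the datastore rather than the compromised host itself. A file that fails both checks is a strong indicator; a lone entropy hit on a .vmem or .vswp file warrants a manual look before calling it encrypted.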
Like almost all new enterprise-targeting ransomware operations, RedAlert conducts double-extortion attacks: data is stolen first, and the ransomware is then deployed to encrypt devices, so the victim is pressured both by the outage and by the threat of publication.
When a victim does not pay the ransom demand, the RedAlert gang publishes the stolen data on its data leak site, where anyone can download it. At the time of writing, the RedAlert data leak site lists data for only one organization, indicating that the operation is very new.
While there has not been much activity from the new N13V/RedAlert operation so far, it is one to keep an eye on because of its advanced functionality and its support for both Linux and Windows from the outset.
Related news
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
- New VanHelsing ransomware targets Windows, ARM, ESXi systems
- LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
- Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware
- VanHelsing ransomware emerges to put a stake through your Windows heart
- Broadcom warns of authentication bypass in VMware Windows Tools
- RedCurl cyberspies create ransomware to encrypt Hyper-V servers
- Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication
- Recent Windows Server 2025 updates cause Remote Desktop freezes
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers