Security News > 2022 > July > New RedAlert Ransomware targets Windows, Linux VMware ESXi servers
A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMware ESXi servers in attacks on corporate networks.
The Linux encryptor is built to target VMware ESXi servers, with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files.
When encrypting files, the ransomware targets only files associated with VMware ESXi virtual machines, including log files, swap files, virtual disks, and memory files.
Like almost all new enterprise-targeting ransomware operations, RedAlert conducts double-extortion attacks, in which data is stolen before ransomware is deployed to encrypt devices.
When a victim does not pay a ransom demand, the RedAlert gang publishes the stolen data on its data leak site, where anyone can download it. Currently, the RedAlert data leak site only contains the data for one organization, indicating that the operation is very new.
While there has not been a lot of activity with the new N13V/RedAlert ransomware operation, it is one that we will definitely need to keep an eye on due to its advanced functionality and immediate support for both Linux and Windows.