New ransomware hits Windows, Linux servers of Chile govt agency

Chile's national computer security and incident response team has announced that a ransomware attack has impacted operations and online services of a government agency in the country.
The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.
"The ransomware would use the NTRUEncrypt public key encryption algorithm, targeting log files, executable files, dynamic library files, swap files, virtual disks, snapshot files, and virtual machine memory files, among others," - Chile CSIRT. According to CSIRT, the malware used in this attack also had functions for stealing credentials from web browsers, listing removable devices for encryption, and evading antivirus detection using execution timeouts.
Chile's CSIRT announcement doesn't name the ransomware group responsible for the attack, nor does it provide sufficient details that would lead to identifying the malware.
Crypt" extension in attacks, targets both Windows servers and Linux VMware ESXi machines, is capable of force-stopping all running VMs prior to encryption, and uses the NTRUEncrypt public-key encryption algorithm.
Chile CSIRT has provided a set of indicators of compromise for files used in the attack that defenders can use to protect their organizations.