Security News > 2022 > September > New ransomware hits Windows, Linux servers of Chile govt agency
Chile's national computer security and incident response team has announced that a ransomware attack has impacted operations and online services of a government agency in the country.
The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.
"The ransomware would use the NTRUEncrypt public key encryption algorithm, targeting log files, executable files, dynamic library files, swap files, virtual disks, snapshot files, and virtual machine memory files, among others," - Chile CSIRT. According to CSIRT, the malware used in this attack also had functions for stealing credentials from web browsers, list removable devices for encryption, and evade antivirus detection using execution timeouts.
Chile's CSIRT announcement doesn't name the ransomware group is responsible for the attack, nor does it provide sufficient details that woul lead to identifying the malware.
Crypt" extension in attacks, targets both Windows servers and Linux VMWare ESXi machines, is capable to force-stop all running VMs prior to encryption, and uses the NTRUEncrypt public-key encryption algorithm.
Chile CSIRT has provided a set of indicators of compromise for files used in the attack that defenders can use to protect their organizations.
News URL
Related news
- Windows Server 2025 previews security updates without restarts (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)
- Windows Server 2025 gets hotpatching option, without reboots (source)
- New Mallox ransomware Linux variant based on leaked Kryptina code (source)
- Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Use Windows event logs for ransomware investigations, JPCERT/CC advises (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)