Security News > 2022 > September > New ransomware hits Windows, Linux servers of Chile govt agency
Chile's national computer security and incident response team has announced that a ransomware attack has impacted operations and online services of a government agency in the country.
The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.
"The ransomware would use the NTRUEncrypt public key encryption algorithm, targeting log files, executable files, dynamic library files, swap files, virtual disks, snapshot files, and virtual machine memory files, among others," - Chile CSIRT. According to CSIRT, the malware used in this attack also had functions for stealing credentials from web browsers, list removable devices for encryption, and evade antivirus detection using execution timeouts.
Chile's CSIRT announcement doesn't name the ransomware group is responsible for the attack, nor does it provide sufficient details that woul lead to identifying the malware.
Crypt" extension in attacks, targets both Windows servers and Linux VMWare ESXi machines, is capable to force-stop all running VMs prior to encryption, and uses the NTRUEncrypt public-key encryption algorithm.
Chile CSIRT has provided a set of indicators of compromise for files used in the attack that defenders can use to protect their organizations.
News URL
Related news
- Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Use Windows event logs for ransomware investigations, JPCERT/CC advises (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)