Security News > 2022 > September > New ransomware hits Windows, Linux servers of Chile govt agency
Chile's national computer security and incident response team has announced that a ransomware attack has impacted operations and online services of a government agency in the country.
The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.
"The ransomware would use the NTRUEncrypt public key encryption algorithm, targeting log files, executable files, dynamic library files, swap files, virtual disks, snapshot files, and virtual machine memory files, among others," - Chile CSIRT. According to CSIRT, the malware used in this attack also had functions for stealing credentials from web browsers, list removable devices for encryption, and evade antivirus detection using execution timeouts.
Chile's CSIRT announcement doesn't name the ransomware group is responsible for the attack, nor does it provide sufficient details that woul lead to identifying the malware.
Crypt" extension in attacks, targets both Windows servers and Linux VMWare ESXi machines, is capable to force-stop all running VMs prior to encryption, and uses the NTRUEncrypt public-key encryption algorithm.
Chile CSIRT has provided a set of indicators of compromise for files used in the attack that defenders can use to protect their organizations.
News URL
Related news
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Windows Server 2025 released—here are the new features (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- BT unit took servers offline after Black Basta ransomware breach (source)