Security News > 2024 > April > Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware
Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted the company's VMware ESXi servers and backups.
On Monday, PowerHost's Chile division, IxMetro, warned customers that it suffered a ransomware attack early Saturday morning that encrypted some of the company's VMware ESXi servers that are used to host virtual private servers for customers.
According to CronUp cybersecurity researcher Germán Fernández, PowerHost was attacked using a new ransomware that appends the.
While BleepingComputer has not been able to find a sample of this ransomware, we have learned that the ransomware is fairly new, starting to target victims in March 2023.
The known attacks by the threat actors have only been seen targeting VMWare ESXi servers so far, why the ransomware operation chose the name 'SEXi,' which is a wordplay on 'ESXi.'.
RansomHouse gang automates VMware ESXi attacks with new MrAgent tool.
News URL
Related news
- Ransomware gang uses SSH tunnels for stealthy VMware ESXi access (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations (source)
- Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware (source)