SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks.
The ransomware operation was given the name SEXi based on the SEXi.txt ransom note name and the.
Cybersecurity researcher Will Thomas later found other variants that use the names SOCOTRA, FORMOSA, and LIMPOPO. While the ransomware operation utilizes both Linux and Windows encryptors, it is known for targeting VMware ESXi servers.
Rebrands as APT INC

Since June, the ransomware operation has rebranded as APT INC, with cybersecurity researcher Rivitna telling BleepingComputer they continue to use the Babuk and LockBit 3 encryptors.
The leaked Babuk and LockBit 3 encryptors have been used to power new ransomware operations, including APT INC. The leaked Babuk encryptors have been widely adopted because they include an encryptor that targets VMware ESXi servers, which are heavily used in the enterprise.