SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks
2024-07-15 14:27

The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks.

The ransomware operation was given the name SEXi based on the SEXi.txt ransom note name and the.

Cybersecurity researcher Will Thomas later found other variants that use the names SOCOTRA, FORMOSA, and LIMPOPO. While the ransomware operation utilizes both Linux and Windows encryptors, it is known for targeting VMware ESXi servers.

Rebrands as APT INC

Since June, the ransomware operation has rebranded as APT INC, with cybersecurity researcher Rivitna telling BleepingComputer they continue to use the Babuk and LockBit 3 encryptors.

The leaked Babuk and LockBit 3 encryptors have been used to power new ransomware operations, including APT INC. The leaked Babuk encryptors have been widely adopted as they include an encryptor that targets VMware ESXi servers, which are heavily used in the enterprise.


News URL

https://www.bleepingcomputer.com/news/security/sexi-ransomware-rebrands-to-apt-inc-continues-vmware-esxi-attacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 84 403 201 103 791