Introduction
Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. This requires no extraordinary effort, as source code is often leaked or published. With a set of standard tools and a freshly built (and sometimes slightly altered) ransomware sample, victims can be sought, and the malicious activity can spread.
In the past months, we released several private reports detailing exactly this. You will find a few excerpts from these below. To learn more about our crimeware reporting service, contact us at [email protected].
SEXi
This past April, IxMetro was hit by an attack that used a still-new ransomware variant dubbed “SEXi”. As the name suggests, the group focuses primarily on ESXi applications. In each of the cases we investigated, the victims were running unsupported versions of ESXi, and there are various assumptions about the initial infection vector.
The group deploys one of two types of ransomware variants depending on the target platform: Windows or Linux. Both samples are based on leaked ransomware samples, namely Babuk for the Linux version and Lockbit for Windows. This is the first time we’ve seen a group use different leaked ransomware variants for their target platforms.
Another thing that sets t ..
Support the originator by clicking the read the rest link below.
