
The new RedAlert ransomware targets VMware ESXi servers

RedAlert ransomware, also known as N13V ransomware, is a new ransomware family that appeared in 2022. It was first exposed in July 2022. It mainly carries out encryption attacks against Windows and Linux VMware ESXi servers. So far, the ransomware group has published one victim on its dark web site, and that victim has also published information about the attack on its official website. The victim enterprise is working with cybercrime experts to gather evidence and trace the source, and has issued an announcement, as shown below:

The enterprise announcement states that it is not certain the database has been leaked, but that for the sake of transparency customers have been notified as a precaution. As things stand, the attacker has not broken into the enterprise's central database, and the enterprise can still be reached by email and phone. Ongoing projects are not threatened, and the system is expected to be fully restored next week.

Judging from the statement, the enterprise has behaved responsibly: it has not concealed the attack from its customers, and it has responded actively by engaging security experts to conduct a forensic analysis of the incident.

Ransomware targeting the Linux platform has become active in the past year or two. Several mainstream ransomware groups have joined in extortion attacks on Linux, and at the same time these groups keep developing new ransomware families. Because the source code of Conti and Babuk, two mainstream ransomware families, has leaked, several new ransomware variants have recently been built on those two code bases. The emergence of RedAlert adds a new member to the Linux ransomware family, and it can be expected that, as cloud computing grows, more new ransomware for the Linux platform will appear.

In fact, malware for the Linux platform comes in many types. Previously, most Linux malware families were botnets such as XorDDoS/BillGates and various mining Trojans (TeamTNT, WorkMiner, DDG, 8220). With the spread of Linux-based IoT devices, attackers developed various Linux IoT botnet families; the two representative families are Mirai and Mozi.

With the growth of cloud computing, more and more cloud servers run Linux, and ransomware groups have turned their attention to cloud computing, so ransomware families on the Linux platform have also become popular. Linux malware is not limited to botnets and ransomware; it also includes various remote-control Trojan backdoors (Rekoobe, OldFox, HabitsRAT, BellaRAT, TheFatRat, Symbiote, etc.), and some APT groups (HackingTeam, Lazarus, Turla, Equation, SideCopy, etc.) have long been developing malware for the Linux platform.

Attackers spread this malware through various means. The main ones at present are phishing and watering-hole attacks, supply-chain attacks, drive-by downloads from compromised websites, bundled software, social engineering, and exploitation of recently disclosed vulnerabilities. Security threats are discovered around the world every day, and most of them are related to malware that steals, destroys or holds to ransom the target's important data: the information-stealing Trojans and backdoors used by APT groups, the wiper families seen in the cyber conflict between Russia and Ukraine, and, most widespread of all, ransomware. The most common malware-related attacks worldwide include ransomware attacks, mining Trojans, botnets, APT espionage attacks, and drive-by download attacks run by gambling and other black- and grey-market operations.

As information technology advances, enterprise business systems keep expanding, and data grows in both volume and variety. The more data there is, and the more complex the business, the more attention data protection deserves. In general, "backup" refers to the local backup system. However, many businesses have multiple data centers, each with its own disaster recovery mechanism, such as synchronous replication, asynchronous replication, or an active-active setup.

In the long run, the planning and design of the backup system should align with the enterprise's disaster recovery plan. The overall design of a backup system is a large project with many aspects that must be weighed from multiple perspectives to reach the best solution. Given present constraints, in most cases one can also start from current needs, keep the future in view, and realize the requirements gradually in stages. In short, good planning at the outset is critical for a backup system; in the event of an emergency data failure, a well-functioning backup system can be extremely useful.

How to choose reliable virtual machine backup software? Vinchin Backup & Recovery lets you restore a virtual machine and all of its data from any restore point (full, incremental, or differential backup) without affecting the original backup data. Vinchin offers solutions for the world's most popular virtual environments, such as VMware backup, XenServer backup, XCP-ng backup, Hyper-V backup, RHV/oVirt backup, Oracle backup, etc.
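The backup discussion above (restore points of full, incremental and differential type, restored without touching the original backup data) is easier to reason about with a small model. The following Python is an added example written for this page; it is not Vinchin's code or any product's format. It assumes the usual definitions: an incremental point records changes since the immediately preceding point of any type, a differential point records changes since the last full backup. It restores a file set to any point by copying records rather than modifying them, and it records a SHA-256 digest of each point so that a restore can be checked against what was actually captured. All file contents, paths and function names are constructed for the example.

```python
import copy
import hashlib
import json

# Added example (not Vinchin's or any product's code): a minimal model of a backup
# chain with full, incremental and differential restore points, a non-destructive
# restore to any point, and a digest check that detects a corrupted restore point.
# All file contents below are constructed placeholders.

def state_digest(state):
    """SHA-256 over a canonical encoding of the file set, recorded when the point is
    taken so a later restore can be checked against what was actually captured."""
    canonical = json.dumps({p: state[p].hex() for p in sorted(state)})
    return hashlib.sha256(canonical.encode()).hexdigest()

def _delta(base, current):
    """Files added or changed relative to base, plus paths deleted since base."""
    changed = {p: data for p, data in current.items() if base.get(p) != data}
    deleted = sorted(p for p in base if p not in current)
    return changed, deleted

def _record(kind, state, base):
    changed, deleted = _delta(base, state)
    return {"type": kind, "changed": changed, "deleted": deleted,
            "digest": state_digest(state)}

def full_backup(state):
    return _record("full", state, {})

def incremental_backup(state, chain):
    """Changes since the immediately preceding restore point, whatever its type."""
    return _record("incremental", state, restore(chain, len(chain) - 1))

def differential_backup(state, chain):
    """Changes since the most recent full backup only."""
    return _record("differential", state,
                   restore(chain, _last_full(chain, len(chain) - 1)))

def _last_full(chain, index):
    for i in range(index, -1, -1):
        if chain[i]["type"] == "full":
            return i
    raise ValueError("no full backup at or before restore point %d" % index)

def restore(chain, index):
    """Rebuild the file set as of restore point `index`. Records are copied, never
    modified, so restoring leaves the chain's original backup data untouched."""
    rec = chain[index]
    if rec["type"] == "full":
        base = {}
    elif rec["type"] == "differential":
        base = restore(chain, _last_full(chain, index))
    else:  # incremental: replay on top of the previous restore point
        base = restore(chain, index - 1)
    state = dict(base)
    state.update(rec["changed"])
    for path in rec["deleted"]:
        state.pop(path, None)
    return state

def verify(chain, index):
    """True if the restored file set still matches the digest taken at backup time."""
    return state_digest(restore(chain, index)) == chain[index]["digest"]

def build_sample_chain():
    """Constructed four-day timeline: full, incremental, differential, incremental."""
    day0 = {"vm.vmx": b"config-v1", "disk.vmdk": b"AAAA", "notes.txt": b"hello"}
    chain = [full_backup(day0)]
    day1 = {**day0, "disk.vmdk": b"AAAB"}                  # disk image changed
    chain.append(incremental_backup(day1, chain))
    day2 = {"vm.vmx": b"config-v2", "disk.vmdk": b"AAAB"}  # config changed, notes.txt deleted
    chain.append(differential_backup(day2, chain))
    day3 = {**day2, "disk.vmdk": b"AAAC"}                  # disk image changed again
    chain.append(incremental_backup(day3, chain))
    return chain, [day0, day1, day2, day3]

def corrupt_first_full(chain):
    """Return a copy of the chain in which one file inside the full backup has been
    overwritten (modelling a damaged backup record); the input chain is unchanged."""
    damaged = copy.deepcopy(chain)
    damaged[0]["changed"]["notes.txt"] = b"\x00\x00\x00\x00"
    return damaged

if __name__ == "__main__":
    chain, days = build_sample_chain()
    for i, day in enumerate(days):
        print(i, chain[i]["type"], restore(chain, i) == day, verify(chain, i))
    damaged = corrupt_first_full(chain)
    print([verify(damaged, i) for i in range(len(damaged))])  # [False, False, True, True]
```

Two things the model makes visible: a differential point needs only the last full plus itself, while an incremental point depends on every point back to the last full, so damage to the full record propagates into later incrementals until a point that overwrites or deletes the affected file. That is why a digest check of each restore point (and regular test restores) belongs in any backup plan, not just the ability to restore.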
