New RedAlert ransomware
Overview
RedAlert is a new ransomware operation that uses the double-extortion model: the gang steals a copy of the victim's data before encrypting it, so the victim is charged once for a decryption key and then pressured to pay again to stop the stolen data being published (though some gangs leak or sell the data regardless of payment).
Little information has emerged about the group so far, but the victims already listed on its darknet leak blog show that some of its attacks have succeeded.
Impact
ESXi-targeting ransomware like this one first pauses running virtual machines and then encrypts the files that back them on the datastore: virtual disks (.vmdk), virtual memory (.vmem), swap files (.vswp) and log files. Because the guests are encrypted from underneath the operating system, in-guest protections do not help, and every VM on the host is affected at once, making recovery difficult without backups held outside the hypervisor.
Affected Products
Microsoft Windows, Linux, VMware ESXi.
Containment, Mitigations & Remediations
Standard ransomware mitigations apply. Administrators should use network controls, including the ESXi host firewall, to restrict access to hypervisor management interfaces (SSH and the host web client) to a dedicated management network, disable services such as SSH when they are not needed, and keep regular backups that are stored offline or otherwise out of reach of an attacker who has gained hypervisor access, since backups kept on the same datastores will be encrypted alongside the virtual machines. Restores should be tested, not just assumed to work.
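As an added example of the access-restriction check above (not code from the original advisory), the following POSIX shell script audits which ESXi firewall rulesets that guard management interfaces accept connections from any source address. On a real host the table would come from `esxcli network firewall ruleset allowedip list`; here a constructed sample of that table is embedded so the script runs offline. The host names, ruleset selection and the management subnet `MGMT_NET` are assumptions to be adjusted for a real environment.

```shell
#!/bin/sh
# Added example, not from the original advisory. Audits source-IP restrictions
# on the ESXi firewall rulesets that protect management interfaces and prints
# the esxcli commands that would tighten any open ruleset.

# CONSTRUCTED sample of `esxcli network firewall ruleset allowedip list`
# output from a hypothetical host; the real command prints the same
# "Ruleset" / "Allowed IP Addresses" table layout.
SAMPLE_ALLOWEDIP='Ruleset            Allowed IP Addresses
-----------------  --------------------
sshServer          All
vSphereClient      All
webAccess          192.168.10.0/24
nfsClient          All
CIMHttpsServer     192.168.10.5, 192.168.10.6'

# Rulesets that expose an administrative interface on the host (assumed list;
# extend it for the services in use). Any of these open to "All" is a finding.
MGMT_RULESETS="sshServer vSphereClient webAccess CIMHttpsServer"

# Assumed management subnet that should be the only allowed source.
MGMT_NET="${MGMT_NET:-192.168.10.0/24}"

# audit_allowedip: reads the esxcli table on stdin and prints, one per line,
# the management rulesets whose allowed source addresses are "All".
audit_allowedip() {
    awk -v mgmt="$MGMT_RULESETS" '
        BEGIN { n = split(mgmt, m, " "); for (i = 1; i <= n; i++) want[m[i]] = 1 }
        NR <= 2 { next }                      # skip header and separator rows
        ($1 in want) && $2 == "All" { print $1 }
    '
}

# remediation_for: prints the two esxcli commands that close a finding for one
# ruleset: whitelist the management subnet, then stop allowing all sources.
remediation_for() {
    rs="$1"
    printf 'esxcli network firewall ruleset allowedip add --ruleset-id %s --ip-address %s\n' "$rs" "$MGMT_NET"
    printf 'esxcli network firewall ruleset set --ruleset-id %s --allowed-all false\n' "$rs"
}

# count_findings: number of open management rulesets in the sample table.
count_findings() {
    printf '%s\n' "$SAMPLE_ALLOWEDIP" | audit_allowedip | wc -l | tr -d ' '
}

# main: report each finding together with its remediation commands.
main() {
    printf '%s\n' "$SAMPLE_ALLOWEDIP" | audit_allowedip | while read -r rs; do
        echo "FINDING: ruleset $rs accepts connections from any source address"
        remediation_for "$rs" | sed 's/^/  /'
    done
}

main
```

On a live host, replace the embedded sample with the real command output (`esxcli network firewall ruleset allowedip list | audit_allowedip`) and review the printed commands before running them; locking a ruleset to the wrong subnet will cut off your own management session.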
Indicators of Compromise
None listed.
Threat Landscape
Targeting ESXi is becoming a common tactic for ransomware operators because a single compromised hypervisor host gives access to every virtual machine it runs, so encrypting one host takes down many servers at once.
Mitre Methodologies
T1486 – Data Encrypted for Impact
Further Information
New RedAlert Ransomware targets Windows, Linux VMware ESXi servers