Post by account_disabled on Feb 25, 2024 3:54:54 GMT
In recent weeks, Trend Micro, a multinational company that operates in the field of IT security, has detected several ransomware attacks on Linux that affected VMware ESXi servers, used in corporate environments for the creation and execution of high-performance virtual machines. The cybercriminals proceed with the encryption of the files, asking to be contacted within three days, the maximum limit to avoid the disclosure of the encrypted data.

How Cheerscrypt works

When Cheerscrypt attacks, the virtual machines stop running to allow the ransomware to locate VMware-related files, those with the .log, .vmdk, .vmem, .vswp and .vmsn extensions.
Before continuing with encryption, the files are renamed with the .Cheers extension and the note “How to Restore Your Files.txt” containing the ransom request is added to each folder. However, it should be noted that without authorization to access the file it will not be possible to proceed with the encryption, with the consequent failure of the ransomware attack. As Trend Micro explained, the encryption algorithm chosen by cybercriminals is SOSEMANUK. For each file, this cipher generates a pair of keys, one public and one private, and combines the generated private key with a second public key embedded in the ransomware to create a secret key.
It is interesting to note that the private key generated by the program is not saved: in this way, criminals make it impracticable to decrypt the data. Therefore, decryption is only possible if the cyber criminals' private key is known.

Cybersecurity among companies' priorities

ESXi is widely used in corporate environments for server virtualization and is now a common target of ransomware attacks in a context where threats are increasingly frequent and evolving. Considering the first half of 2021, a report from the Interior Ministry underlines how cyber crimes in Italy have increased dramatically, with around 800 cyber crimes per day which primarily involved small and medium-sized businesses, which appear to be more exposed to damage and to the cost consequences of the attacks.
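A read-only check for the file-system indicators the post names (the .Cheers extension and the "How to Restore Your Files.txt" note), added here as an example and not taken from the post or from Trend Micro. The function names, the constructed sample layout, the case-insensitive matching and the assumption that .Cheers is appended to the original file name are mine.

```python
import os
import tempfile

# Indicators named in the post above (compared case-insensitively: an assumption).
NOTE_NAME = "how to restore your files.txt"
RENAMED_SUFFIX = ".cheers"
TARGET_EXTS = (".log", ".vmdk", ".vmem", ".vswp", ".vmsn")


def scan_tree(root):
    """Return {relative_dir: finding} for directories showing an indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        note, renamed, intact = False, [], 0
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                note = True
            elif lower.endswith(RENAMED_SUFFIX):
                renamed.append(name)
            elif lower.endswith(TARGET_EXTS):
                intact += 1  # VMware file types the post lists, not yet renamed
        if note or renamed:
            # Note plus renamed files is the full pattern; one alone needs review.
            level = "high" if note and renamed else "review"
            findings[os.path.relpath(dirpath, root)] = {
                "severity": level, "note": note,
                "renamed": sorted(renamed), "intact_vm_files": intact}
    return findings


def demo():
    """Scan a constructed tree (empty files, invented names) and return findings."""
    layout = {
        "vm-a": ["vm-a.vmdk.Cheers", "vmware.log.Cheers", "vm-a.vswp",
                 "How to Restore Your Files.txt"],
        "vm-b": ["vm-b.vmdk", "vm-b.vmsn", "vmware.log"],
        "iso": ["How to Restore Your Files.txt"],
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        return scan_tree(root)


if __name__ == "__main__":
    for folder, finding in sorted(demo().items()):
        print(folder, finding)
```

A non-zero `intact_vm_files` count in a flagged directory means some of the listed VMware file types there have not been renamed, which is worth recording before the host is touched further.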