BleepingComputer reports that IxMetro PowerHost, a Chile-based data center and hosting provider, had its VMware ESXi servers and backups compromised by a novel SEXi ransomware attack during the weekend, which has resulted in website and service disruptions.
Attackers have demanded $140 million worth of bitcoin as ransom to decrypt IxMetro PowerHost's impacted servers, according to PowerHost CEO Ricardo Rubem, who rejected such payment in adherence to the recommendations of law enforcement agencies against fulfilling ransomware actors' demands.
Attacks with the SEXi ransomware targeted at ESXi servers have only commenced last month, with the absence of an encryptor sample indicating potential targeting of Windows devices.
Further examination of the ransomware strain revealed ransom notes directing victims to communicate with attackers through the Session messaging app using the same provided address. However, details regarding the SEXi ransomware operation's involvement in data extortion attacks and other malicious activities remain uncertain.
