VMware ESXi servers running on Windows and Linux are being targeted by the novel RedAlert ransomware operation, also known as N13V, in an effort to infiltrate corporate networks and conduct double-extortion attacks, according to BleepingComputer.
RedAlert's Linux encryptor includes command-line options for shutting down running virtual machines before file encryption, and the ransomware uses the public-key encryption algorithm NTRUEncrypt, which is also used by FiveHands.
BleepingComputer discovered that RedAlert targets .log, .vmdk, .vmem, .vmsn, and .vswp files and appends the .crypt658 extension to them upon encryption. Custom ransom notes with details on the stolen data and a link to the attackers' TOR ransom payment site are then created in every folder.
While RedAlert has so far only listed one organization on its data leak site, the operation's advanced ransomware functionality and flexibility may make it a significant cybersecurity threat in the future.
New rewards of up to $10 million are being offered by the Rewards for Justice mission, a division of the US State Department that manages national security rewards, for anyone who can provide insightful information on the Conti ransomware group, specifically its five key members, Target, Dandis, Tramp, Reshaev and Professor, Wired reports.