Cybercriminals are well aware of how widely VMware ESXi is used for server virtualization in enterprise settings. Cheerscrypt ransomware has been discovered targeting VMware ESXi hosts that are vulnerable or inadequately secured.

Cheerscrypt ransomware is a type of ransomware that encrypts

Cheerscrypt is a Linux-based ransomware that Trend Micro detected.

After compromising the VMware ESXi server, the attackers launch the encryptor, which automatically enumerates running VMs and shuts them down using a specific esxcli command.

While encrypting data, it looks for files with the .log, .vmdk, .vmem, .vmsn, and .vswp extensions, which correspond to ESXi log files, virtual disks, paging files, snapshots, and swap files.

According to the ransom notes, the attackers give their victims three days to visit the provided Tor site and negotiate a ransom payment in exchange for a working decryption key.

Use of a double-extortion strategy

Only four victims are currently listed on the Cheerscrypt ransomware operation’s victim extortion and data leak site.

The existence of this portal shows that Cheerscrypt also exfiltrates data during its attacks and leverages the stolen data for extortion.

The victims are medium-sized businesses, and it appears that the ransomware group prefers to target businesses that can afford to pay higher ransom demands.

If no one wants to buy the data, it will be released on the leak portal.

Additional information

Each encrypted file receives the ‘.Cheers’ extension; notably, files are renamed before they are encrypted. If permission to rename a file is denied, encryption of that file fails, yet the file is still renamed.
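The file types listed earlier and the rename-before-encrypt behaviour just described give an incident responder two useful signals: which target files are still intact, and which ‘.Cheers’ files were only renamed rather than actually encrypted. The following triage helper is an added example, not code from the original article, Trend Micro or Vinchin; it walks a datastore-like directory tree, counts intact files with the targeted extensions, and applies a byte-entropy heuristic to ‘.Cheers’ files to separate real ciphertext from renamed plaintext. The sample datastore, the entropy cut-off and the sample size are assumptions constructed for the demo.

```python
"""Triage helper for an ESXi datastore hit by a '.Cheers'-style encryptor.

Added example; not code from the original article, Trend Micro or Vinchin.
It walks a directory tree, counts still-intact files with the extensions the
article names as targets, and for files carrying the '.Cheers' suffix uses a
byte-entropy heuristic to separate files that were really encrypted from files
that were only renamed (the article notes a file can end up renamed even when
its encryption failed). The sample datastore below is constructed for the demo.
"""
import math
import os
import tempfile
from collections import Counter

TARGET_EXTS = {".log", ".vmdk", ".vmem", ".vmsn", ".vswp"}
RANSOM_SUFFIX = ".Cheers"
# Shannon entropy (bits per byte) at or above which a sample is treated as
# ciphertext. Plaintext VMDK descriptors and logs sit far below this; the
# exact cut-off is an assumption chosen for the demo.
ENTROPY_THRESHOLD = 7.0
SAMPLE_BYTES = 64 * 1024


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def original_extension(name: str) -> str:
    """Extension the file had before the ransom suffix was appended."""
    if name.endswith(RANSOM_SUFFIX):
        name = name[: -len(RANSOM_SUFFIX)]
    return os.path.splitext(name)[1].lower()


def classify(path: str) -> str:
    """'untouched', 'renamed_only' (recoverable by renaming back) or 'encrypted'."""
    if not os.path.basename(path).endswith(RANSOM_SUFFIX):
        return "untouched"
    with open(path, "rb") as fh:
        sample = fh.read(SAMPLE_BYTES)
    return "encrypted" if shannon_entropy(sample) >= ENTROPY_THRESHOLD else "renamed_only"


def triage(root: str) -> dict:
    """Summarise exposure (intact target files) and impact under `root`."""
    report = {"at_risk": 0, "encrypted": [], "renamed_only": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if original_extension(name) not in TARGET_EXTS:
                continue  # not a file type the encryptor goes after
            path = os.path.join(dirpath, name)
            state = classify(path)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if state == "untouched":
                report["at_risk"] += 1
            else:
                report[state].append(rel)
    return report


def build_demo_datastore() -> str:
    """Create a constructed directory tree resembling a partly affected datastore."""
    root = tempfile.mkdtemp(prefix="esxi-demo-")
    vm = os.path.join(root, "vm01")
    os.makedirs(vm)
    descriptor = "# Disk DescriptorFile\nversion=1\n" * 50
    with open(os.path.join(vm, "vm01.vmdk"), "w") as fh:  # intact target file
        fh.write(descriptor)
    with open(os.path.join(vm, "vm01-000001.vmdk.Cheers"), "w") as fh:  # renamed only
        fh.write(descriptor)
    with open(os.path.join(vm, "vmware.log.Cheers"), "wb") as fh:  # renamed and encrypted
        fh.write(os.urandom(SAMPLE_BYTES))  # random bytes stand in for ciphertext
    with open(os.path.join(vm, "notes.txt"), "w") as fh:  # not a target, ignored
        fh.write("not a target extension\n")
    return root


if __name__ == "__main__":
    print(triage(build_demo_datastore()))
```

Files reported as `renamed_only` still hold their original content, so restoring them is a matter of stripping the suffix; files reported as `encrypted` can only come back from backups, which is why the `at_risk` count matters for prioritising which datastores to isolate first.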

The encryptor derives a secret key from a generated public/private key pair and appends it to each encrypted file. To prevent recovery, the private key used to derive the secret key is then erased.

Because VMware ESXi is so widely used for server virtualization in enterprise settings, it is frequently targeted in ransomware attacks. Even firms with strong cybersecurity defenses must take a proactive approach against ransomware to stay protected in an ever-changing threat landscape.

Additional information

In light of this real-world case, VMware customers should be wary of such threats, implement a dependable backup solution, and reduce the risk of ransomware attacks as soon as feasible. By fully utilizing Vinchin Backup & Recovery, the backup solution that has protected over 1.6 million VMs worldwide, users can better secure their data from ransomware by following the three steps below.

  1. Make regular backups.

Current, up-to-date backups are critical for ensuring business continuity.

  2. Establish an appropriate retention policy.

A proper retention policy not only complies with laws and regulations but also meets your organization’s own data retention needs.

  3. Follow the golden rule for backups.

According to the well-known 3-2-1 backup rule, users should keep three copies of their data, two of them on separate storage media and at least one off-site at a remote location for disaster recovery.
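The three steps above are easy to state and easy to drift away from, so it helps to check them mechanically against the backup catalogue. The script below is an added example, not code from the original article or from any backup product: it takes a constructed catalogue of backup copies and reports (1) VMs whose newest backup is stale, (2) which restore points a daily/weekly/monthly retention policy would keep or expire, and (3) whether the newest restore point of each VM satisfies the 3-2-1 rule. The catalogue records, the fixed clock and the retention windows are assumptions chosen for the demo; a real catalogue would come from the backup software's database or API.

```python
"""Backup hygiene checks for the three steps above.

Added example; not code from the original article or from any backup product.
It checks a backup catalogue for (1) stale backups, (2) a daily/weekly/monthly
retention policy and (3) the 3-2-1 rule. CATALOGUE is a constructed list of
records; a real one would come from the backup software's database or API, and
the retention windows are assumptions chosen for the demo.
"""
from datetime import datetime, timedelta

# Constructed catalogue: one record per stored copy of a restore point.
CATALOGUE = [
    {"vm": "vm01", "taken": "2022-05-24T02:00", "media": "disk", "site": "primary"},
    {"vm": "vm01", "taken": "2022-05-24T02:00", "media": "tape", "site": "primary"},
    {"vm": "vm01", "taken": "2022-05-24T02:00", "media": "object", "site": "offsite-dc"},
    {"vm": "vm01", "taken": "2022-05-23T02:00", "media": "disk", "site": "primary"},
    {"vm": "vm01", "taken": "2022-05-10T02:00", "media": "disk", "site": "primary"},
    {"vm": "vm01", "taken": "2022-03-15T02:00", "media": "disk", "site": "primary"},
    {"vm": "vm01", "taken": "2022-01-03T02:00", "media": "disk", "site": "primary"},
    {"vm": "vm02", "taken": "2022-05-20T02:00", "media": "disk", "site": "primary"},
]
NOW = datetime(2022, 5, 24, 12, 0)  # fixed clock so results are reproducible


def _ts(record: dict) -> datetime:
    return datetime.fromisoformat(record["taken"])


def stale_vms(records, now=NOW, max_age=timedelta(days=1)) -> list:
    """Step 1: VMs whose newest backup is older than `max_age`."""
    newest = {}
    for r in records:
        newest[r["vm"]] = max(newest.get(r["vm"], _ts(r)), _ts(r))
    return sorted(vm for vm, t in newest.items() if now - t > max_age)


def apply_retention(records, now=NOW, keep_daily=7, keep_weekly=4, keep_monthly=3):
    """Step 2: split records into (keep, expire) under a daily/weekly/monthly policy.

    Every copy younger than `keep_daily` days is kept; beyond that only the newest
    restore point of each ISO week (for `keep_weekly` weeks) and of each month
    (for roughly `keep_monthly` months) survives.
    """
    newest_in_week, newest_in_month = {}, {}
    for r in records:
        t = _ts(r)
        wk = (r["vm"],) + tuple(t.isocalendar()[:2])
        mo = (r["vm"], t.year, t.month)
        newest_in_week[wk] = max(newest_in_week.get(wk, t), t)
        newest_in_month[mo] = max(newest_in_month.get(mo, t), t)
    keep, expire = [], []
    for r in records:
        t = _ts(r)
        age = now - t
        wk = (r["vm"],) + tuple(t.isocalendar()[:2])
        mo = (r["vm"], t.year, t.month)
        if age <= timedelta(days=keep_daily):
            keep.append(r)
        elif age <= timedelta(weeks=keep_weekly) and newest_in_week[wk] == t:
            keep.append(r)
        elif age <= timedelta(days=31 * keep_monthly) and newest_in_month[mo] == t:
            keep.append(r)
        else:
            expire.append(r)
    return keep, expire


def check_3_2_1(records, vm: str, primary_site="primary") -> dict:
    """Step 3: does the newest restore point of `vm` have 3 copies, 2 media, 1 off-site?"""
    mine = [r for r in records if r["vm"] == vm]
    if not mine:
        return {"copies": 0, "media": 0, "offsite": False, "compliant": False}
    latest = max(_ts(r) for r in mine)
    copies = [r for r in mine if _ts(r) == latest]
    media = {r["media"] for r in copies}
    offsite = any(r["site"] != primary_site for r in copies)
    return {
        "copies": len(copies),
        "media": len(media),
        "offsite": offsite,
        "compliant": len(copies) >= 3 and len(media) >= 2 and offsite,
    }


if __name__ == "__main__":
    print("stale:", stale_vms(CATALOGUE))
    _, expired = apply_retention(CATALOGUE)
    print("expire:", [(r["vm"], r["taken"]) for r in expired])
    for vm in ("vm01", "vm02"):
        print(vm, check_3_2_1(CATALOGUE, vm))
```

In the constructed data, vm02 fails all three checks at once (its only copy is four days old, on one medium, on-site), which is exactly the combination that leaves a VM unrecoverable after an encryptor has also wiped the snapshot and swap files on the datastore.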

More advanced capabilities will be available in Vinchin Backup & Recovery version 6.7, which will be launched later this year, to better protect your sensitive data in both the production and backup environments. The unique Vinchin backup encryption technology can monitor and protect backup data from all angles, effectively raising the security level of your backup data by preventing any modification of backup data by ransomware. When ransomware strikes again, it will be you who is on the run.

TOP REASON TO CHOOSE VINCHIN

You can apply for a 60-day free trial of the full-featured enterprise edition with free pre-sale support. Customers receive free installation and configuration support for proof-of-concept and internal evaluation tests, allowing them to thoroughly assess the best VMware backup before purchasing it.
