Cheerscrypt

Malware updated a month ago (2024-11-29T13:32:32.854Z)
Download STIX
Preview STIX
Cheerscrypt is a malicious software (malware) that was discovered in May 2022, specifically designed to target ESXi servers, which are extensively used by enterprises for server virtualization. This discovery was made following the reporting of DarkSide ransomware variants in May 2021. Cheerscrypt, like other malware, can infiltrate systems through suspicious downloads, emails, or websites, and once inside, it can disrupt operations, steal personal data, or even hold your data hostage for ransom. The analysis suggests that Cheerscrypt and another malware called ESXi Args are likely based on leaked Babuk source code, which has been previously used in other ESXi ransomware campaigns, including Quantum/Dagon group’s PrideLocker encryptor. Interestingly, the ransom notes from Cheerscrypt and ESXi Args, circulated between October 2022 and February 2023, share striking similarities in their wording. However, differences in encryption methods have raised questions about whether they represent new variants or just share a common Babuk codebase. Cheerscrypt gained notoriety in early 2022 and is part of an alarming trend of ransomware attacks targeting ESXi servers. Other recent examples include ESXiArgs and Luna. These attacks underscore the escalating threat landscape for enterprise server infrastructure and highlight the need for robust cybersecurity measures to protect against such threats.
Description last updated: 2024-07-22T15:16:41.427Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Esxi
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The DarkSide Threat Actor is associated with Cheerscrypt. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply acrossUnspecified
2
Source Document References
Information about the Cheerscrypt Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more