Exsi

Malware Profile Updated 25 days ago
EXSi is a malware that has been causing significant disruptions in the cyber world. This malicious software, designed to exploit and damage computer systems, infiltrates through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

The malware has been used by attackers to successfully shake down companies like Caesars for a ransom, and these same attackers are now targeting MGM Resorts, claiming to have crypto-locked its ESXi hypervisors. The Royal Ransomware threat group, known for being a prolific ransomware actor, is believed to be behind this attack. They have expanded their operations to target Linux platforms and ESXi servers. The developers of the Royal ransomware strain have added a Linux version, which researchers believe is specifically designed to target vulnerable ESXi servers.

ESXi, hosting several VMs, is a high-yielding target for attackers, as they can deploy malware once and encrypt numerous servers with a single command. ESXi's attractiveness to cyberattackers lies in its ability to host multiple, data-rich virtual machines (VMs) on VMware's ESXi hypervisor platform, which runs on Linux and Linux-like OS.

The emergence of EXSi stands at the intersection of two major ransomware trends: the development of malware based on the Babuk source code and a growing interest in compromising VMware ESXi servers. The new ransomware has been named ESXiArgs, reflecting its primary target: vulnerable ESXi servers.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransom
Ransomware
Vmware
Linux
Malware
MGM
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Exsi Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
DARKReading | 2 months ago | SEXi Ransomware Desires VMware Hypervisors
CERT-EU | a year ago | ESXiArgs Ransomware Campaign Facilitated by Exploiting VMware Vulnerability
CERT-EU | a year ago | VMWare ESXi Servers Targeted by Ransomware Gangs
CERT-EU | 8 months ago | Caesars Confirms Ransomware Payoff and Customer Data Breach | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 8 months ago | Caesars Confirms Ransomware Payoff and Customer Data Breach | #ransomware | #cybercrime | National Cyber Security Consulting
BankInfoSecurity | 8 months ago | Caesars Confirms Ransomware Payoff and Customer Data Breach
CERT-EU | a year ago | TALOS-2022-1658 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence