Sexi

Malware Profile Updated 7 days ago
SEXi is a ransomware family that emerged at the intersection of two major ransomware trends: the proliferation of threat actors reusing leaked Babuk source code, and the drive to compromise VMware ESXi hypervisors. The ransomware is linked to a broader campaign affecting at least three Latin American countries and has been associated with the names Socotra, Limpopo, and Formosa, used in attacks on Chile, Peru, and Mexico respectively. The malware was first spotted by MalwareHunterTeam in February during an attack in Thailand, but it did not carry the "SEXi" handle at that time. It gained notoriety when IXMETRO POWERHOST fell victim to a SEXi ransomware attack; PowerHost CEO Ricardo Rubem confirmed that a new ransomware variant had locked up the company's servers, appending the .SEXi file extension to encrypted files. The initial access vector into the internal network remained unknown. The attackers left a ransom note instructing the company to download an app and send a message containing the code "SEXi". Notably, the operators chose to communicate via Session, an end-to-end encrypted instant messaging application that emphasizes user confidentiality and anonymity. The SEXi ransomware group, which has operated under the name APT Inc. since June, targets a variety of organizations. Despite its increasing activity, there is no indication of where the operators originate or what their intentions are. As of now, all three registered SEXi iterations have zero detections in VirusTotal (VT), which points to a novel campaign using multiple SEXi versions that all trace back to the Babuk source code. This underscores the growing sophistication and adaptability of cybercriminals and the increasingly formidable threat they pose.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID / Votes / Profile Description
Babuk / 1 / Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Cybercrime
Ransomware
Vmware
Ransom
Malware
Linux
Associated Malware
ID / Type / Votes / Profile Description
Exsi / Unspecified / 1 / EXSi is a malware that has been causing significant disruptions in the cyber world. This malicious software, designed to exploit and damage computer systems, infiltrates through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hol
Associated Threat Actors
ID / Type / Votes / Profile Description
No associations to display
Associated Vulnerabilities
ID / Type / Votes / Profile Description
No associations to display
Source Document References
Information about the Sexi malware was read from the documents corpus below.
Source / Created At / Title
DARKReading / 7 days ago / Vulnerabilities & Threats recent news | Dark Reading
DARKReading / 7 days ago / SEXi Ransomware Rebrands as 'APT Inc.,' Keeps Old Methods
DARKReading / 4 months ago / SEXi Ransomware Desires VMware Hypervisors