Sexi

Malware updated 15 days ago (2024-11-29T14:09:44.953Z)
Download STIX
Preview STIX
SEXi is a new variant of malware, specifically ransomware, that has been used in cyberattacks since February 2024. It was first identified during an attack on IxMetro in April of the same year. The malware is associated with a cybercrime group known as APT Inc., which has been operating under this name since June. SEXi is unique in its effectiveness due to its ability to exploit niches where it can deploy its ransomware effectively. The group uses leaked variants of ransomware from other malware families, and although these groups often lack professionalism, they are still able to cause significant damage. The SEXi ransomware has targeted VMware's EXSi hypervisor platform, which runs on Linux and Linux-like OS and hosts multiple data-rich virtual machines. In the attacks, the ransom note typically instructs the victim to download an app and send a message with a specific code. Notably, the communication method specified by the actors in the ransom note is Session, an end-to-end encrypted instant messaging application emphasizing user confidentiality and anonymity. This communication method has not been commonly seen in relation to any major or serious cases before the emergence of SEXi. Despite the damage caused by the SEXi ransomware, there is currently no clear indication of the origins of the malware operators or their intentions. As of the last report, all three registered versions of SEXi had zero detections in VirusTotal (VT), indicating a high level of sophistication and evasion. The findings reveal the development of a novel campaign using various iterations of SEXi, all of which appear to lead back to another known ransomware variant, Babuk.
Description last updated: 2024-08-14T09:11:11.703Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Sexi Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more