SEXi - APT Inc ransomware - what you need to know - #SEXi
A new ransomware gang dubbed SEXi has been targeting VMware ESXi servers used by hosting providers, encrypting data and demanding substantial ransoms in Bitcoin. One of the most significant attacks was against Chilean data center IxMetro Powerhost, where the attackers encrypted servers and backups, disrupting hosted websites and services, and demanded a ransom of around $140 million. The CEO decided against paying based on law enforcement advice. The SEXi ransomware appends the .SEXi extension to encrypted files and leaves ransom notes instructing victims to contact the attackers via the Session messaging app, though it's unclear if they engage in data extortion. This campaign highlights the evolving threats targeting virtualization infrastructure and the importance of robust security measures.