RansomHouse, a ransomware group known for its double extortion tactics, has developed a new tool named ‘MrAgent’ to facilitate the widespread deployment of its data encrypter on VMware ESXi hypervisors.
Since its emergence in December 2021, RansomHouse has been targeting large organizations, although it hasn’t been as active as some other notorious ransomware groups. Nevertheless, it has been employing sophisticated methods to infiltrate systems and extort victims.
ESXi servers are a prime target for ransomware attacks due to their role in managing virtual computers containing valuable data for businesses. Disrupting these servers can cause significant operational damage, impacting critical applications and services like databases and email servers.
Researchers from Trellix and Northwave have identified a new binary associated with RansomHouse attacks, designed specifically to streamline the process of targeting ESXi systems. This tool, named MrAgent, automates the deployment of ransomware across multiple hypervisors simultaneously, compromising all managed virtual machines.
MrAgent is highly configurable, allowing attackers to customize ransomware deployment settings received from the command and control server. This includes tasks such as setting passwords, scheduling encryption events, and altering system messages to display ransom notices.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: