6 July 2022

New ransomware operation RedAlert puts victims on a "board of shame"



Security researcher MalwareHunterTeam discovered a new ransomware operation called RedAlert (N13V). The cybercriminals behind the operation attack corporate networks and encrypt both Windows and Linux VMware ESXi servers.

At this point, only one victim is listed on the operation’s data leak website, titled "Board of shame". According to the gang’s post, they “have easily hacked corporate network” and syphoned more than 300GB of data, including employee information, social security numbers, driving licenses, financial documents, payrolls, banking statements, etc.

The threat actors claim that they’ve managed to download data from the networks of the victim’s customers. The links to these files will be published on the "Board of shame" sometime in the future.

According to the hackers, poor security practices and the “low competence of system administrator” of the breached enterprise are to blame.

Unlike most ransomware gangs, which demand ransom payment in Bitcoin, RedAlert only accepts the Monero privacy coin.

The Linux encryptor targets VMware ESXi servers. The malware has command-line options to shut down any running virtual machines before encrypting files. Interestingly, RedAlert only encrypts files associated with VMware ESXi virtual machines, including log files, swap files, virtual disks, and memory files.
