6 July 2022

New ransomware operation RedAlert puts victims on a "board of shame"


Security researcher MalwareHunterTeam discovered a new ransomware operation called RedAlert (N13V). The cybercriminals behind the operation attack corporate networks and encrypt both Windows and Linux VMware ESXi servers.

At this point, only one victim is listed on the operation’s data leak website, titled "Board of shame". According to the gang’s post, they “have easily hacked corporate network” and siphoned more than 300GB of data, including employee information, social security numbers, driving licenses, financial documents, payrolls, banking statements, etc.

The threat actors claim that they also managed to download data from the networks of the victim’s customers. The links to these files will be published on the "Board of shame" sometime in the future.

According to the hackers, poor security practices and the “low competence of system administrator” at the breached enterprise are to blame.

Unlike most ransomware gangs, which demand ransom payment in Bitcoin, RedAlert only accepts the Monero privacy coin.

The Linux encryptor targets VMware ESXi servers. The malware has command-line options to shut down any running virtual machines before encrypting files. Interestingly, RedAlert only encrypts files associated with VMware ESXi virtual machines, including log files, swap files, virtual disks, and memory files.
