A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMware ESXi servers in attacks on corporate networks. The Linux encryptor is built to target VMware ESXi servers, with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files.
RedAlert conducts double-extortion attacks, in which data is exfiltrated from systems before being encrypted locally. This tactic gives cybercriminals greater leverage over their victims, enabling them to threaten the public release of sensitive data if a ransom is not paid. Currently, the RedAlert data leak site only contains the data of one organization, indicating that the operation is very new.
Acronis Cyber Protect Cloud keeps your systems safe with its Active Protection technologies, detecting and blocking even never-before-seen threats based on the malicious behaviors that they exhibit.