A new strain of ransomware has been discovered

July 8, 2022 | Brigantia, Cybersecurity

Written by Jack Poulter

RedAlert, also known as "N13V", is a new ransomware operation that encrypts VMware ESXi servers running either Windows or Linux.

What has happened?

Internally, the threat actors refer to their operation as "N13V," and the Linux encryptor was created specifically for the purpose of targeting VMware ESXi servers. The ransomware includes command-line options that allow threat actors to halt any active virtual machines before encrypting data.

When the ransomware is executed with the '-w' parameter, the Linux encryptor will use the following esxcli command to force the shutdown of all running VMware ESXi virtual machines.

When it comes to data encryption, the ransomware employs the NTRUEncrypt public-key encryption method. This technique supports a number of 'parameter sets,' each of which provides a different level of security.
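The pre-encryption behaviour described above (every running virtual machine forced off in one go) is a useful detection point. The following is an added example, not code from this article or from the Heimdal report: it flags a session that force-kills several distinct VMs within a short window. The log line layout, the sample lines, the threshold and window, and the use of the documented `esxcli vm process kill --type=force --world-id=N` form are assumptions; the article does not reproduce the ransomware's actual command.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout: "<UTC timestamp>Z shell[<pid>]: [<user>]: <command>"
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)Z shell\[(?P<pid>\d+)\]: "
                     r"\[(?P<user>[^\]]+)\]: (?P<cmd>.*)$")
KILL_RE = re.compile(r"\besxcli\b.*\bvm\s+process\s+kill\b")
FORCE_RE = re.compile(r"--type[= ]force\b")
WORLD_RE = re.compile(r"--world-id[= ](\d+)")

# Constructed sample: a routine soft-then-forced kill of one hung VM, then a burst.
SAMPLE_LOG = """\
2022-07-08T09:02:11Z shell[2100101]: [root]: esxcli vm process list
2022-07-08T09:02:40Z shell[2100101]: [root]: esxcli vm process kill --type=soft --world-id=1001
2022-07-08T09:05:02Z shell[2100101]: [root]: esxcli vm process kill --type=force --world-id=1001
2022-07-08T23:41:15Z shell[2100977]: [root]: esxcli vm process kill --type=force --world-id=1001
2022-07-08T23:41:15Z shell[2100977]: [root]: esxcli vm process kill --type=force --world-id=1002
2022-07-08T23:41:16Z shell[2100977]: [root]: esxcli vm process kill --type=force --world-id=1003
2022-07-08T23:41:16Z shell[2100977]: [root]: esxcli vm process kill --type=force --world-id=1004
"""

def detect_mass_vm_kill(log_text, threshold=3, window=timedelta(seconds=60)):
    """Alert once per (user, pid) that force-kills >= threshold distinct VMs within window."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not (KILL_RE.search(m["cmd"]) and FORCE_RE.search(m["cmd"])):
            continue
        world = WORLD_RE.search(m["cmd"])
        if not world:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        key = (m["user"], m["pid"])
        events = recent[key]
        events.append((ts, world.group(1)))
        while ts - events[0][0] > window:      # drop kills older than the window
            events.popleft()
        vms = sorted({w for _, w in events})
        if len(vms) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"user": key[0], "pid": key[1], "last": ts, "world_ids": vms})
    return alerts

if __name__ == "__main__":
    for alert in detect_mass_vm_kill(SAMPLE_LOG):
        print("mass forced VM shutdown:", alert)
```

The single forced kill in the morning session stays below the threshold, so only the burst is reported; tune `threshold` and `window` to the number of VMs a host normally carries.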

The full report on this new strain by Heimdal can be found here. If you'd like to talk about how Brigantia can help protect you and your customers from ransomware, please contact me via the link below.

Book 1-1 with me
