Tech Newsday
Conti ESXi ransomware strain could be run directly by an attacker, says Trellix

By Howard Solomon
April 21, 2022
in Security
The Conti ransomware strain aimed at VMware’s ESXi hypervisor appears to be designed to be run directly by an operator, say researchers at Trellix. By comparison, Windows versions of the malware run on their own once launched, the researchers said in a report issued this week.

The conclusion is part of an analysis of a sample of the ESXi variant of the ransomware, which Trellix obtained earlier this month. The existence of an ESXi version of Conti isn’t new, but the sample Trellix acquired is the first it has seen in the wild. As part of the analysis, the researchers went back to last month’s trove of leaked Conti chat messages to trace the history of the variant.

The capture of a sample of this variant, together with the analysis of the leaked chats, reinforces the researchers’ conclusion that Conti developers continue to operate normally, with the group adding new victims to its blog on a regular basis, Trellix says.

The first mention of a Conti locker for Linux in the leaked chat messages dates to the beginning of May 2021, the Trellix report says. Around six weeks later, in mid-June 2021, one developer messaged another that the Linux build of the locker wasn’t ready yet. Perhaps, this person suggested, it should be tested on a real case, but not a large company. In reply a developer said a large casino hack was almost finalized and suggested that could be the target. Based on this, Trellix believes an unnamed casino was hit with this strain in the summer of 2021.

The messages show the Linux variant still needed fixes until the beginning of February, with developers adjusting it for various ESXi versions, including the latest version 7.0 and higher.

The Conti Linux decryptor, essential because the decryptor is what victims are actually paying for, had problems too. In July and August 2021 a developer reported that the decryptor provided to a victim did not remove the ransomware extension from the victim’s files. A gang member said the victim needed to change the extension of the encrypted files manually. However, because a large volume of files had to be processed, the developer was asked to rebuild the decryptor so that it automatically removes the extension from the decrypted files.

Despite these problems, Trellix says the ESXi variant began being actively distributed in November 2021. From the Conti leaks, researchers think victims have included law firms, the automotive sector, logistics companies, retailers and financial services.

The chat messages suggest that for one victim Conti set an initial ransom at US$20 million but settled at US$1 million, mainly because something went wrong with the Linux locker and, instead of 800 ESXi servers, the gang managed to encrypt only 260. Furthermore, the Trellix blog post says, it seems the victim did not want Conti’s decryptor, and Conti suspected the victim had somehow managed to recover and restore its systems.

“Targeting ESXi Hypervisors and their virtual machines is of special interest for criminals because the impact on the organizations they attack is huge,” said Trellix researchers. “Nowadays it is a common theme in the ransomware landscape to develop new binaries specifically to encrypt virtual machines and their management environments.”

The post Conti ESXi ransomware strain could be run directly by an attacker, says Trellix first appeared on IT World Canada.
Tags: DI, Privacy & Security, ransomware, security strategies, Trellix, VMWare