Summary: The content discusses the rebranding of the SEXi ransomware group to APT Inc. and their continued attacks targeting VMware ESXi servers and Windows servers using leaked encryptors.
Threat Actor: SEXi ransomware group | SEXi ransomware group
Victim: Various organizations | APT Inc.
Key Points:
- The SEXi ransomware group has rebranded as APT Inc. and continues to target organizations using leaked encryptors.
- They use a leaked Babuk encryptor to target VMware ESXi servers and a leaked LockBit 3 encryptor to target Windows servers.
- The group demands ransom payments that range from thousands to millions of dollars.
- Some victims have publicly shared their experiences and ransom notes from APT Inc.’s attacks.
_ronstik_alamy.jpg?disable=upscale&width=1200&height=630&fit=crop)
SEXi ransomware group, a cybercrime group that has targeted a variety of organizations in attacks that started in February of this year, has been operating under the name of APT Inc. since June.
The group uses a leaked Babuk encryptor to target VMware ESXi servers, and a leaked LockBit 3 encryptor to target Windows servers.
Now, having rebranded, the group continues to use its original methods of encryption as it wreaks havoc on new victims, requesting ransom demands that vary from thousands to millions dollars.
Some victims have publicly shared their experiences with the APT Inc. attacks, such are sharing ransom notes like the following:
“You got hacked! We are APT INC; Go to https://getsession[dot]org/; download & install; then add 05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912 to your contacts and send us a message with this codename – – – > GARAKLY; You gave 1 week to pay, then your decryptor will be deleted,” stated one ransom note. “The longer you wait the more money you will have to pay. Don’t involve 3rd parties — they can’t help you, they will charge you money for nothing, moreover, we always tell them to fuck off; Are you the admin? Talk to your boss right now !!!”
Currently, there are no known weaknesses to Babuk and LockBit 3 encryptors, and there is no free method to recovering the files.
“An interesting youtube video that may be related to the article above”