Ransomware updates & 1-day exploits


Introduction


In our crimeware reporting service, we analyze the latest crime-related trends we come across. Last month, we again posted a lot on ransomware, but we also covered other subjects, such as 1-day exploits. In this blog post, we provide excerpts from these reports.


For questions or more information about our crimeware reporting service, please contact [email protected].


RedAlert / N13V: yet another multiplatform ransomware variant


RedAlert (aka N13V) is the latest in the multiplatform ransomware trend we described here and here. The difference this time is that it is not written in a cross-platform language but in C; at least the Linux version we could get our hands on was. It does, however, explicitly support ESXi environments: it has the command-line option "-w", which stops running VMs, and it searches for VMware-based VMs, as can be seen in the screenshots below.



Note the specific VMware-related strings the malware looks for



Stopping VMs
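When triaging a sample like this, the first thing a practitioner wants is a quick way to pull out the VMware-related strings and command-line switches without running the binary. The script below is an added example written for this post, not code from the report or from the malware; the indicator list (common VMware file extensions and ESXi paths) and the sample byte blob are constructed assumptions for illustration, not the strings shown in the screenshots above.

```python
import re
from typing import Dict, List

# Assumed indicator list: artefacts an ESXi-aware ransomware commonly enumerates.
# These are illustrative assumptions, not the strings from the original report.
VMWARE_INDICATORS = [
    ".vmdk", ".vmx", ".vmem", ".vswp", ".vmsn", ".vmsd", ".nvram",
    "/vmfs/volumes", "esxcli", "vim-cmd",
]

# A single-letter option such as "-w", not glued to another word or dash.
OPTION_RE = re.compile(rb"(?<![\w-])-[A-Za-z](?![\w-])")


def extract_strings(blob: bytes, min_len: int = 4) -> List[str]:
    """Return printable ASCII runs of at least min_len bytes (like `strings`)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def triage(blob: bytes) -> Dict[str, List[str]]:
    """Classify a binary's strings into VMware indicators and CLI options.

    Short option tokens like "-w" fall below the usual `strings` length
    threshold, so they are matched directly on the raw bytes instead.
    """
    found = extract_strings(blob)
    vmware = sorted({s for s in found if any(ind in s for ind in VMWARE_INDICATORS)})
    opts = sorted({m.decode("ascii") for m in OPTION_RE.findall(blob)})
    return {"vmware_strings": vmware, "cli_options": opts}


def looks_esxi_aware(blob: bytes) -> bool:
    """Heuristic: at least one VMware indicator string is present."""
    return bool(triage(blob)["vmware_strings"])


# Constructed stand-in for an ELF sample: a usage banner, two options and
# a few VMware-related file strings separated by NUL bytes.
SAMPLE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 8
    + b"usage: %s [-w] [-p path]\x00"
    + b"-w\x00-p\x00"
    + b".vmdk\x00.vmem\x00/vmfs/volumes\x00"
)

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("VMware strings:", result["vmware_strings"])
    print("CLI options:   ", result["cli_options"])
    print("ESXi-aware?    ", looks_esxi_aware(SAMPLE))
```

Run against a real sample with `triage(open(path, "rb").read())`; the output is a starting point for deciding whether a Linux ransomware binary is ESXi-aware, not a verdict on its own, since legitimate VMware tooling carries the same strings.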


Interestingly, the group mentions on their onion website that a decryptor is available for all platforms. Unfortunately, we could not get our hands on the other versions, so we don't know whether the decryptor is written in a cross-platform language or not.


Another aspect that sets RedAlert apart from other ransomware groups is that they only accept payments in Monero. From a criminal ..
