Cheerscrypt Ransomware Attacks VMware ESXi Servers

ransomware

Cheerscrypt is a strain of ransomware that was spotted targeting VMware ESXi servers and using the typical double extortion approach that has become almost customary in ransomware over the past years.

Cheerscrypt operators first need elevated privileges on the ESXi server so that they can execute remote commands. It is not too clear how privileged shell access is gained, but once the threat actors have that, they send a command that shuts down all virtual machines on the server. Once the VM processes are shut down, the ransomware begins encrypting files.

A range of extensions and file types related to VMware are encrypted, including .vmdk, vmem, .vmsn and .vswp. Encrypted files get the .Cheers extension appended beyond their original one. Every directory Cheerscrypt scrambles files in gets a copy of the ransom note called "How to Restore Your Files.txt".

The note gives victims 3 days to pay the ransom and threatens stolen data will be leaked online and the ransom demand will grow if payment is not made on time.

VMware ESXi servers have been singled out as particularly lucrative targets because they are used by a number of large corporations and the threat actors can affect significant portions of the victim's infrastructure by compromising and encrypting a single physical system, meaning less work for the ransomware operators and maximum potential profit.

By Zaib
May 27, 2022
Ransomware
English
May 27, 2022
Ransomware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

Remove Sorryitsjustbusiness Ransomware

Sorryitsjustbusiness Ransomware is a threat whose attack looks devastating, but it might actually turn out to be one of the less dangerous file-encryption Trojans. Of course, this does not mean that you should... Read more

February 24, 2022
Ransomware

KTC Ransomware Attacks Could Have Devastating Consequences

The KTC Ransomware is a file-0locker, which has the ability to lock you out of your important files – documents, images, archives, videos, media, and others. It does this in order to offer to unlock your files – but... Read more

January 12, 2022
Ransomware

Black Basta Ransomware Gang Attacks American Dental Association

A new high-profile ransomware gang might be on the rise. Recently, the American Dental Association (ADA) was hit by a massive ransomware attack, which took down tons of their systems, while simultaneously encrypting... Read more

April 27, 2022
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.