New Ransomware Group Cicada3301 Targets VMware ESXi Hypervisors: Are Enterprises Safe?

A new ransomware group, Cicada3301, is specifically targeting VMware ESXi hypervisors. With encryptors for both Windows and ESXi, the group aims to maximize damage in enterprise environments. Researchers suggest Cicada3301 might be linked to the notorious ALPHV/BlackCat group, known for its heist involving Change Healthcare.

Hot Take:

Just when you thought it was safe to go back into the hypervisor, Cicada3301 buzzes in, bringing ransomware chaos to VMware ESXi. Looks like the ransomware world’s got a new troublemaker, and it’s not here to play nice!

Key Points:

  • Cicada3301 targets VMware ESXi hypervisors with a new ransomware encryptor.
  • The group operates two encryptors: one for Windows devices and another for VMware ESXi.
  • The ransomware operation began in early June, recruiting affiliates by the end of the month.
  • Researchers suspect Cicada3301 might be a rebranded version or a fork of the notorious ALPHV/BlackCat group.
  • ALPHV/BlackCat previously made headlines for vanishing with a $22 million ransom from Change Healthcare.

The Nimble Nerd