
New wave of ransomware targets IT infrastructures

Cyber security on alert: new risks for virtualized infrastructures

MRAGENT is a new ransomware targeting VMware ESXi servers, operated by the RansomHouse cyber gang. These attacks threaten the security of corporate data and require protective measures such as backups and software updates.


The cybersecurity landscape is constantly grappling with new attack tools, and a new threat has recently emerged that affects critical virtualized infrastructures. A new malicious tool, known as MRAGENT, appears to specifically target VMware ESXi servers, a world-leading hypervisor platform used to optimize IT resources and provide greater flexibility. This new type of ransomware was identified by research groups specialized in cybersecurity, who found the tool worryingly easy to use, which significantly increases the risk of attacks even by inexperienced operators.

RansomHouse: new cybercriminal organization

MRAGENT has been linked to RansomHouse, an emerging criminal organization in the ransomware industry. This collective has gained attention for its activity, highlighted by in-depth technical analyses and detailed reports that signal its presence online. While some cyberattack organizations operate with a ransomware-as-a-service (RaaS) model, RansomHouse appears to adopt a more focused and controlled strategy in deploying its malicious assets, actively selecting targets and directly managing attacks.

Consequences for businesses: data integrity at risk

VMware ESXi servers manage a considerable volume of virtual machines (VMs) and data critical to daily business operations. A successful attack carried out with MRAGENT could therefore have devastating consequences, putting the data integrity and operational continuity of the affected companies at risk. Compromising virtual infrastructure entails not only potentially huge financial losses but also significant reputational damage, and could impact compliance with data privacy regulations such as the General Data Protection Regulation (GDPR) in the European Union.

Mitigation and protection strategies

Faced with the escalation of such sophisticated threats, it is critical that organizations adopt proactive risk mitigation and system protection strategies. Performing regular, offline backups, segmenting the network, constantly updating systems and training staff on cybersecurity best practices are key measures to safeguard digital assets. Additionally, continuous monitoring of networks for signs of suspicious activity and rapid incident response are critical elements in the defense strategy against ransomware and other types of malware.


02/16/2024 10:14

Marco Verro
