Cheerscrypt Ransomware

  |  Source: 
Trend Micro

Cheerscrypt Ransomware

Industry: N/A | Level: Tactical | Source: Trend Micro

Trend Micro's analysis has identified Linux-based ransomware named Cheerscrypt, targeting VMware ESXi servers. The ransomware terminates VM processes prior to its execution using ESXCLI, and noted by Trend Mirco "The termination of the VM processes ensures that the ransomware can successfully encrypt VMware-related files." The attackers utilize a double extortion model stealing and encrypting files encouraging victims to pay the ransom to avoid leaks. Encrypted files are renamed with a .Cheers extension.

Anvilogic Use Case:

  • VM Shut Down

Get trending threats published weekly by the Anvilogic team.

Sign Up Now