_ronstik_alamy.jpg?disable=upscale&width=1200&height=630&fit=crop "SEXi Ransomware Changes Name to APT Inc. while Maintaining Previous Tactics")
_ronstik_alamy.jpg?disable=upscale&width=1200&height=630&fit=crop&description=SEXi+Ransomware+Changes+Name+to+APT+Inc.+while+Maintaining+Previous+Tactics){kind=link}
The cybercrime group known as SEXi ransomware, now operating under the name APT Inc., has been wreaking havoc on organizations since February of this year. By rebranding themselves in June, the group continues to use their original methods of encryption, targeting VMware ESXi servers with a leaked Babuk encryptor, and Windows servers with a leaked LockBit 3 encryptor.
APT Inc. has been successful in their attacks, with ransom demands ranging from thousands to millions of dollars. Victims have shared their experiences with the attacks, revealing the chilling ransom notes they received. For example, one ransom note stated, “You got hacked! We are APT INC; Go to https://getsession[dot]org/; download & install; then add 05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912 to your contacts and send us a message with this codename – – – > GARAKLY; You have 1 week to pay, then your decryptor will be deleted.” The note also warns against involving third parties and urges the admin to talk to their boss immediately.
Unfortunately, there are currently no known weaknesses to the Babuk and LockBit 3 encryptors, and there is no free method available to recover the encrypted files. This leaves victims of APT Inc. attacks in a difficult and costly situation as they try to navigate the demands of the cybercriminals.
The rebranding of the SEXi ransomware group to APT Inc. has not slowed down their malicious activities. In fact, they have continued to target new victims with their sophisticated encryption methods, causing chaos and financial losses for organizations around the world. As the group evolves and adapts to new security measures, it becomes increasingly challenging for victims to protect themselves and recover their encrypted data.
With no known vulnerabilities in the Babuk and LockBit 3 encryptors, organizations must prioritize cybersecurity measures to prevent falling victim to APT Inc. attacks. This includes regular security updates, employee training on phishing and other cyber threats, and implementing robust backup and recovery protocols to mitigate the impact of a potential ransomware attack.
As APT Inc. continues to operate under their new guise, organizations must remain vigilant and prepared to defend against the relentless onslaught of cyber threats. The stakes are high, and the consequences of a successful attack can be devastating. By staying informed and implementing proactive security measures, organizations can better protect themselves from falling prey to APT Inc. and other cybercriminal groups.