cheers
1 incident
1 country
0 sectors
ransomware CN Latest: 2026-06-25
Aliases: Cheerscrypt
Cheers, also known as Cheerscrypt, is a ransomware group that emerged in May 2022 with a Linux variant primarily targeting VMware ESXi servers, followed by a Windows variant in June 2022. The group is assessed with high confidence to be linked to 'Emperor Dragonfly,' a Chinese hacking group also tracked as Bronze Starlight by Secureworks and DEV-0401 by Microsoft. While operating under the guise of financially motivated ransomware, Cheerscrypt's activities are suspected to serve as a cover for Chinese government-sponsored cyber espionage campaigns. A distinguishing characteristic of Cheerscrypt is its derivation from leaked Babuk ransomware source code, but with a notable modification: it actively shuts down virtual machines using the 'esxcli' utility before proceeding with file encryption, a behavior not observed in the original Babuk ransomware. This group employs double extortion tactics, encrypting data and threatening public release of stolen information to compel ransom payments.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
Belgium
United Kingdom
Japan
Singapore
Turkey
Target sectors (SOCRadar)
Construction of Buildings
Software Publishers
Enterprises & Holding
Manufacturing
Construction
Public Administration
Educational Services
Insurance
Automotive
Mining
New URLs detected in IntelTracker