A new strain of ransomware has been discovered

July 8, 2022 | Brigantia , Cybersecurity
Jack Poulter

Written by
Jack Poulter

RedAlert, also known as "N13V", is a new ransomware operation that encrypts VMWare ESXi servers running either Windows or Linux

What has happened?

Internally, the threat actors refer to their operation as "N13V," and the Linux encryptor was created specifically for the purpose of targeting VMware ESXi servers. The ransomware includes command-line options that allow threat actors to halt any active virtual machines before encrypting data.

When the ransomware is executed with the '-w' parameter, the Linux encryptor will use the following esxcli command to force the shutdown of all running VMware ESXi virtual machines.

When it comes to data encryption, the ransomware employs the NTRUEncrypt public-key encryption method. This technique supports a number of 'parameter sets,' each of which provides a different level of security.


The full report on this new strain by Heimdal can be found here. If you'd like to talk about how Brigantia can help protect you and your customers from ransomware, please contact me via the link below.

Book 1-1 with me

Recommended Reading

NHS hit by a ransomware attack on third-party software service provider

NHS hit by a ransomware attack on third-party software service provider.   A ransomware attack on a ...

An interesting twist in ransomware

You've probably heard about the recent ransomware attack on Wootton Upper School and Kimberly College, both ...

How a layered approach to security can help your customers save on cyber insurance

"An attacker only needs to succeed once to compromise their target, whereas the target must succeed 100 ...