SEXi (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

SEXi (Back to overview)

SEXi is a ransomware group that targets VMware ESXi servers, encrypting data and demanding ransom payments. They have been observed encrypting virtual machines and backups, causing significant disruptions to services. The group's name is a play on the word "ESXi," indicating a deliberate focus on these systems. SEXi has been linked to other ransomware variants based on the Babuk source code.

Associated Families

elf.sexi

References

2024-05-31 ⋅ Cybersecurity Insiders ⋅ Bogdan Glushko
Proven Data Restores PowerHost’s VMware Backups After SEXi Ransomware Attack
SEXi SEXi

2024-04-05 ⋅ DARKReading ⋅ Tara Seals
Ransomware Desires VMware Hypervisors in Ongoing Campaign
SEXi SEXi

2024-04-05 ⋅ Heimdal Security ⋅ Madalina Popovici
Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware
SEXi SEXi

2024-04-04 ⋅ Twitter (@BushidoToken) ⋅ BushidoToken
Tweet about the SEXi Ransomware attack on IXMETRO POWERHOST
SEXi

Credits: MISP Project