SEXi ransomware is a new ransomware that targets virtual machines (VMs) and encrypts their data. It was first seen in April 2024, when it attacked a hosting firm named PowerHost. SEXi ransomware uses advanced cryptography, mixing ChaCha20, AES256, and RSA when encrypting files. The ransomware is backed by the Lockbit ransomware group, and they are targeting VMware ESXi servers to encrypt data and backups. Moreover, this ransomware also encrypts Veeam backups. The attackers provide a session ID for communication with the victims.
How Does SEXi Ransomware Attack?
SEXi ransomware mostly targets older VMware ESXi servers, mostly 6.0 and earlier. The attackers exploit vulnerabilities and RDP to gain access to the main server and its data. The ransomware group encrypts the server's files and appends the extension .SEXi to every file, for example, Sample.vmdk.SEXi, Sample1.nvram.SEXi, etc. Moreover, this ransomware is actively targeting educational institutions such as universities, schools, and colleges. They are also targeting other small and medium-sized businesses such as hosting companies, law firms, IT companies, and others.
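For triage, the appended .SEXi extension described above can be used to inventory which VM folders on a datastore were touched. The following is an added example, not code from this article or its authors; the function names, the one-folder-per-VM layout, and the sample file tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

MARKER = ".SEXi"  # appended extension described in the article


def inventory(datastore_root):
    """Group files carrying the appended marker by VM folder."""
    report = defaultdict(lambda: {"encrypted": [], "intact": [], "bytes": 0})
    for folder, _dirs, files in os.walk(datastore_root):
        vm = os.path.relpath(folder, datastore_root)
        for name in sorted(files):
            if name.endswith(MARKER):
                # Strip the marker to recover the original name, e.g. Sample.vmdk
                report[vm]["encrypted"].append(name[: -len(MARKER)])
                report[vm]["bytes"] += os.path.getsize(os.path.join(folder, name))
            else:
                report[vm]["intact"].append(name)
    # Only folders holding at least one marked file are of interest
    return {vm: r for vm, r in report.items() if r["encrypted"]}


def summarize(report):
    """One line per VM folder: count, original file types, coverage."""
    lines = []
    for vm in sorted(report):
        r = report[vm]
        types = sorted({os.path.splitext(n)[1].lstrip(".") or "none"
                        for n in r["encrypted"]})
        # "mixed" = folder also holds files without the marker (assumed label)
        state = "mixed" if r["intact"] else "all-marked"
        lines.append(f"{vm}: {len(r['encrypted'])} encrypted "
                     f"({','.join(types)}), {r['bytes']} bytes, {state}")
    return lines


def build_sample_tree(root):
    """Constructed sample data; file names follow the article's examples."""
    layout = {"vm-a": ["Sample.vmdk.SEXi", "Sample1.nvram.SEXi"],
              "vm-b": ["Disk.vmdk.SEXi", "vm-b.vmx"],
              "vm-c": ["clean.vmdk"]}
    for vm, names in layout.items():
        os.makedirs(os.path.join(root, vm))
        for name in names:
            with open(os.path.join(root, vm, name), "wb") as fh:
                fh.write(b"\0" * 16)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("\n".join(summarize(inventory(tmp))))
```

Run it read-only against a mounted copy or snapshot of the datastore, so the evidence on the affected host is not modified.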
How to Decrypt SEXi Ransomware?
After doing a lot of research, our team found a bug in the servers of SEXi ransomware and created a decryptor for this ransomware. This ransomware decryptor is developed for ESXi servers. The decryptor first scans the drives and servers, then starts bypassing the private key of the ransomware and starts decrypting files. The decryptor will take 90 minutes to 1000 minutes to decrypt the data, depending on the number and size of the files. You can watch the video given below for a demo of the SEXi Decryptor.
What to Do After Recovering from SEXi Ransomware?
After recovering your files from the SEXi ransomware, you should follow the steps given below.
- Scan your entire network with a good antivirus.
- Update your VMware hypervisors and ESXi to the latest version.
- Close unwanted ports.
- Only access limited sites and set strict rules for the network.
- Educate your staff.
- Only allow a secure mailing system for contact with customers.
Conclusion:
In this article, we have discussed the SEXi ransomware and its decryption tool developed by the team of Lockbit Decryptor. In addition, we have discussed what steps to take after ransomware recovery and how to protect your network from ransomware attacks. We have also talked about the SEXi ransomware victims and scope. If you have any questions, feel free to contact us in the comments.
FAQs
How to Decrypt SEXi Ransomware?
You can use the SEXi Ransomware Decryptor for VMware ESXi servers to decrypt the SEXi ransomware.
How to identify SEXi Ransomware?
The best and easiest way to identify the SEXi ransomware is the ransom note: if it contains a Session ID ending with a Code > – NAME, it means it is a SEXi ransomware variant.
How much does the SEXi Decryptor cost?
Our SEXi Decryptor costs 5000 dollars, which is refundable in case it doesn’t work.
How to pay?
Our payment method is Bitcoins or crypto, as we are working on blockchain technologies.
Thank you very much for helping me.