Cybersecurity

Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

alinemati1983-69874 days ago

56 sec read2 views0 listens

The analysis of this ransomware variant targeting ESXi servers reveals several key aspects:

Overview

Target: The ransomware specifically targets ESXi (Enterprise Server Virtual Infrastructure) environments, focusing on virtual machine disk files and other critical system files.
Encryption Method:
- Uses ChaCha8 encryption with unique keys for each file.
- RSA-4096 public key is embedded in the malware to encrypt the symmetric keys used by ChaCha8.
- Metadata containing encrypted keys, IVs, and markers (e.g., "KYBER", "CDTA", "ATDC") are appended to files.
Partial Encryption Strategy:
- Files under 1MB: Entire file is encrypted.
- Files between 1MB and 4MB: Only the first 1MB is encrypted.
- Files above 4MB: A calculated portion of each file is encrypted, controlled by a user-defined parameter (default value observed is 10%).

Workflow

Initial Steps:
- The ransomware binary replaces critical files to ensure that any interaction with the system presents the ransom note immediately.
  - /etc/motd for SSH access.

Read the full article at Rapid7 Blog

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

Contents

alinemati1983-6987Written by alinemati1983-6987

View all posts

CybersecurityFeb 2522 sec read

Nepali migrant workers influence polls, but can't vote

Overseas Nepali workers, who support their families and bolster Nepal's economy, are a key constituency in upcoming elections but cannot vote themselves. Their influence on domestic politics is significant through family recommendations and social me...

Ali Nemati

CybersecurityApr 628 sec read

METATRON - Open-Source AI Penetration Testing Assistant Brings Local LLM Analysis to Linux

A new open-source penetration testing framework called METATRON is gaining traction for its offline, AI-driven approach using a locally hosted large language model. This tool automates reconnaissance and analysis without cloud dependencies, offering ...

Ali Nemati

CybersecurityFeb 1637 sec read

Building an AI-powered defense-in-depth security architecture for serverless microservices

This document outlines a comprehensive security strategy for serverless applications built on AWS Lambda, focusing on six critical layers: network isolation, compute security, application front door, authentication, network segmentation, and credenti...

Ali Nemati

CybersecurityApr 256 sec read

Top 20 Best Digital Forensic Tools in 2026

Based on the provided information, here are summaries of five digital forensic tools: Magnet Forensics Overview: A popular digital forensics tool used for collecting, examining, and documenting digital evidence from various sources including desktop...

Ali Nemati

CybersecurityMar 3129 sec read

Oil slips, stocks rise as report says Trump willing to end war

Oil prices fell and most stock markets rose following a report that President Trump was considering ending the conflict with Iran even if the Strait of Hormuz remains closed. This development is crucial for investors as it indicates potential shifts ...

Ali Nemati

Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

Overview

Workflow

Related Articles

Nepali migrant workers influence polls, but can't vote

METATRON - Open-Source AI Penetration Testing Assistant Brings Local LLM Analysis to Linux

Building an AI-powered defense-in-depth security architecture for serverless microservices

Top 20 Best Digital Forensic Tools in 2026

Oil slips, stocks rise as report says Trump willing to end war