RedAlert Ransomware Attacks Syredis: A Cybersecurity Perspective

Victim Profile

Syredis, an enterprise specializing in digital services for local and territorial collectivities, boasts over 20 years of expertise in optimizing their clients' information systems. The company provides a comprehensive range of services including virtualization, storage, telework solutions, data protection, infrastructure and network management, cloud services, and cybersecurity.

Vulnerabilities and Targeting

RedAlert ransomware specifically targets VMware ESXi servers, aiming to encrypt files associated with these virtual machines, such as log files, swap files, virtual disks, and memory files. The ransomware's propagation methods are diverse, including RDP configuration hacking, malicious spam emails, botnets, exploits, malicious ads, web injections, fake updates, and installers.

Impact and Response

Following data theft and file encryption, RedAlert demands a ransom in Monero (XMR) and threatens to publish the stolen data on their leak page if the ransom is not paid within 72 hours. Each folder receives a custom ransom note named "HOW_TO_RESTORE," detailing the stolen data and providing a link to a unique TOR ransom payment site.

Mitigation Strategies

To mitigate the risk of ransomware attacks, organizations are advised to implement comprehensive cybersecurity measures, including:

• Regularly backing up data and testing the recovery process
• Ensuring all software and systems are up-to-date
• Implementing strong access controls and multi-factor authentication
• Educating employees on cybersecurity best practices
• Monitoring networks for unusual activity
• Having a well-defined incident response plan in place

Sources

• Syredis. (n.d.). Le cloud computing au service des collectivités.
• SOCRadar. (n.d.). RedAlert Ransomware Targets Windows and Linux VMware ESXi Servers.