Ransomware Gang Rebrands as 'APT Inc.,' Keeps Old Methods

The cybercrime group demands ransoms of varying degrees, from thousands to even millions of dollars — in some cases, 2 bitcoin per encrypted customer.

Dark Reading Staff, Dark Reading

July 15, 2024

1 Min Read
People holding scissors to a red ribbon
Source: ronstik via Alamy Stock Photo

SEXi ransomware group, a cybercrime group that has targeted a variety of organizations in attacks that started in February of this year, has been operating under the name of APT Inc. since June.

The group uses a leaked Babuk encryptor to target VMware ESXi servers, and a leaked LockBit 3 encryptor to target Windows servers.

Now, having rebranded, the group continues to use its original methods of encryption as it wreaks havoc on new victims, requesting ransom demands that vary from thousands to millions dollars.

Some victims have publicly shared their experiences with the APT Inc. attacks, such are sharing ransom notes like the following:

"You got hacked! We are APT INC; Go to https://getsession[dot]org/; download & install; then add 05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912 to your contacts and send us a message with this codename - - - > GARAKLY; You gave 1 week to pay, then your decryptor will be deleted," stated one ransom note. "The longer you wait the more money you will have to pay. Don't involve 3rd parties — they can't help you, they will charge you money for nothing, moreover, we always tell them to fuck off; Are you the admin? Talk to your boss right now !!!"

Currently, there are no known weaknesses to Babuk and LockBit 3 encryptors, and there is no free method to recovering the files. 

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights