SEXi Ransomware Rebrands as 'APT Inc.,' Keeps Old Methods

SEXi ransomware group, a cybercrime group that has targeted a variety of organizations in attacks that started in February of this year, has been operating under the name of APT Inc. since June.

The group uses a leaked Babuk encryptor to target VMware ESXi servers, and a leaked LockBit 3 encryptor to target Windows servers.

Now, having rebranded, the group continues to use its original methods of encryption as it wreaks havoc on new victims, requesting ransom demands that vary from thousands to millions dollars.

Some victims have publicly shared their experiences with the APT Inc. attacks, such are sharing ransom notes like the following:

"You got hacked! We are APT INC; Go to https://getsession[dot]org/; download & install; then add 05c5dbb3e0f6c173dd4ca479587dbeccc1365998ff9042581cd294566645ec7912 to your contacts and send us a message with this codename - - - > GARAKLY; You gave 1 week to pay, then your decryptor will be deleted," stated one ransom note. "The longer you wait the more money you will have to pay. Don't involve 3rd parties — they can't help you, they will charge you money for nothing, moreover, we always tell them to fuck off; Are you the admin? Talk to your boss right now !!!"

Currently, there are no known weaknesses to Babuk and LockBit 3 encryptors, and there is no free method to recovering the files.