Helldown Ransomware: an overview of this emerging threat
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Helldown is a new and highly active ransomware group that has claimed 31 victims in three months. It employs custom ransomware for Windows and Linux systems, engages in double extortion, and exploits vulnerabilities in Zyxel firewalls for initial access. The group exfiltrates large volumes of data, averaging 70GB per victim. Its Windows ransomware shares similarities with Darkrace and Donex variants. The Linux variant targets VMware ESX servers. While connections to other groups like Hellcat are unconfirmed, Helldown's success seems to rely on exploiting undocumented vulnerabilities rather than sophisticated malware. The group's rapid evolution and targeting of virtualized infrastructures make it a significant emerging threat.
OPENCTI LABELS:
ransomware, data exfiltration, linux, windows, double extortion, helldown, emerging threat, zyxel vulnerability, cve-2024-42057, vmware esx