Helldown Ransomware: an overview of this emerging threat

Nov. 21, 2024, 9:53 a.m.

Description

Helldown is a new and highly active ransomware group that has claimed 31 victims in three months. It employs custom ransomware for Windows and Linux systems, engages in double extortion, and exploits vulnerabilities in Zyxel firewalls for initial access. The group exfiltrates large volumes of data, averaging 70GB per victim. Its Windows ransomware shares similarities with Darkrace and Donex variants. The Linux variant targets VMware ESX servers. While connections to other groups like Hellcat are unconfirmed, Helldown's success seems to rely on exploiting undocumented vulnerabilities rather than sophisticated malware. The group's rapid evolution and targeting of virtualized infrastructures make it a significant emerging threat.

Date

  • Created: Nov. 20, 2024, 3:36 p.m.
  • Published: Nov. 20, 2024, 3:36 p.m.
  • Modified: Nov. 21, 2024, 9:53 a.m.

Attack Patterns

Additional Information

  • Technology
  • France
  • United States of America