
Helldown Ransomware Attacking VMware ESXi And Linux Servers


Helldown, a new ransomware group, actively exploits vulnerabilities to breach networks. Since August 2024 it has compromised 28 victims and leaked their data on a dedicated website.

The ransomware group has since updated its data leak site, removing three victims, which possibly indicates successful ransom payments. It continues its double extortion tactic: stealing data and threatening to leak it if ransom demands are not met.

It was active primarily in August and October and has compromised over 30 victims, including small and medium-sized businesses as well as larger organizations such as Zyxel Europe. Its focus appears to have alternated between active attacks and tool development.

Helldown ransom note from XML configuration

An analysis revealed that at least eight victims, including one compromised in early August, were using Zyxel firewalls for IPSec VPN access at the time of their breach. According to Censys historical data, two of these victims subsequently replaced their Zyxel firewalls after the compromise.

Zyxel firewalls with v5 ...


Copyright of this story solely belongs to gbhackers.