RansomExx, a ransomware variant responsible for several high-profile attacks in 2020, has shown signs of further development and unhampered activity. The most recently reported development involves the use of newer variants adapted for Linux servers that effectively expanded its range to more than Windows servers.
Own monitoring efforts found RansomExx compromising companies in the United States, Canada, and Brazil, as well as the sustained activity of the Linux variant. This entry details our analysis of a RansomExx campaign that used IcedID as its initial access vector, Vatet loader as its payload delivery method, and both Pyxie and Cobalt Strike as post-intrusion tools. This combination of tools took only five hours to deploy the ransomware from its initial access.
Source: Trend Micro