The RansomExx Ransomware Group Compromises Asteco Property Management

Background

The RansomExx ransomware group has reportedly compromised Asteco Property Management. The group allegedly exfiltrated and fully leaked 11.4 GB of the company data. Asteco is the leading full-service realty company in the Middle East with a drive to deliver high-quality, professional, and value-added services. Ever since its inception in 1985, Asteco has been recognized for its involvement with many of the projects that have defined the landscape and physical infrastructure of the Emirates.

RansomExx Group

RansomExx is one of the newest ransomware groups that is carrying out attacks across the globe. The ransomware gang has been in operation since 2018 but came into prominence in 2020 after infecting a variety of high-profile organizations such as Gigabyte and Starhub. RansomExx is used as a part of multi-stage ‘human-operated’ attacks targeting various entities. It is delivered as a secondary payload after an initial compromise of the targeted network. It is capable of disabling various security products for smooth execution on the infected machines, and has been found to infect mainly Windows systems, but current studies show this malware infects Linux systems as well by sharing similarities with its predecessor. The malware is usually delivered as a secondary in-memory payload without ever touching the disk. This makes it harder to detect.