Cheerscrypt is a ransomware that was developed by Cinnamon Tempest and has been used in attacks against ESXi and Windows environments since at least 2022. Cheerscrypt was derived from the leaked Babuk source code and has infrastructure overlaps with deployments of Night Sky ransomware, which was also derived from Babuk.[1][2]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1486 | Data Encrypted for Impact | Cheerscrypt can encrypt data on victim machines using a Sosemanuk stream cipher with an Elliptic-curve Diffie–Hellman (ECDH) generated key.[2][1] |
| Enterprise | T1083 | File and Directory Discovery | Cheerscrypt can search for log and VMware-related files with .log, .vmdk, .vmem, .vswp, and .vmsn extensions.[2] |
| Enterprise | T1489 | Service Stop | Cheerscrypt has the ability to terminate VM processes on compromised hosts through execution of |

| ID | Name | References |
|---|---|---|
| G1021 | Cinnamon Tempest | |