All posts tagged: cicada3301

VMware ESXi Servers Targeted by New Ransomware Variant

A new double-extortion ransomware variant targets VMware ESXi servers, security researchers have found. The group behind it, named Cicada3301, has been promoting its ransomware-as-a-service operation since June.

Once an attacker has initial access to a corporate network, they can copy and encrypt its private data using the Cicada3301 ransomware. They can then withhold the decryption key and threaten to expose the data on Cicada3301’s dedicated leak site to force the victim into paying a ransom.

Cicada3301’s leak site has listed at least 20 victims, predominantly in North America and England, according to Morphisec. The victims were businesses of all sizes and came from a number of industries, including manufacturing, healthcare, retail, and hospitality.

Sweden-based security company Truesec first became aware of the group when it posted on the cybercrime forum RAMP on June 29 in an attempt to recruit new affiliates. However, BleepingComputer says it has been made aware of Cicada attacks as early as June 6.

How the ransomware works

Attackers gain entry by brute-forcing or stealing valid credentials and logging in remotely via ScreenConnect …