Under attack?
Close

Get in Touch

Contact us to learn more about our elite cybersecurity services and industry-leading technologies.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Close
Breachquest

Emergency Incident Assistance

Is your network under attack? Get in touch with a
BreachQuest Specialist right away with this form.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811
Contact for non-emergency Contact for non-emergency

Cheers

Cheers is a new ransomware group came into the spotlight by targeting vulnerable VMWare ESXi servers, which has been a recent focus of extortionists. A VMWare ESXi is a virtualization platform widely used in enterprise settings worldwide, so encrypting them typically causes severe disruption to a business’s operations. Once compromised, the threat actors launch the encryptor, which will automatically enumerate the running virtual machines and shut them down using an esxcli command. Each encrypted file will be left with a “.Cheers” extension appended to the filename. In the ransom note left on the victim’s screens, the group gives victims three days to contact them. If no contact is made, the group will publicly release data exfiltrated.

Go Back Go to Glossary index
Share this article:

Sign up for our newsletter to get more industry news and insights.

Related Resources

New ‘Cheers’ Linux ransomware targets VMware ESXi servers

Learn more

Ransomware Cheerscrypt targets VMware ESXi systems

Learn more