RansomHouse am See
Ransomhouse deploys a custom ransomware called Mario likely derived from leaked Babuk source code. Mario specifically targets ESXi hypervisors encrypting virtual machines to extort victims. The group uses a specialized tool named MrAgent to automate Marios mass deployment across large ESXi environments. MrAgent provides remote access to compromise hypervisors disable security controls and operate ransomware execution. MrAgents automation enables rapid encryption of hundreds of virtual machines. The tool gathers detailed hypervisor environment information to maximize damage. Ransomhouse can remotely configure MrAgent tracking ransomware deployment progress across infected hosts.