ESXiArgs ransomware is a massive problem

ESXiArgs ransomware targets VMware ESXi virtualisation systems, which are usually used by larger companies, data centres, cloud providers etc. (we have used this software in the past), and exploits a vulnerability that VMware patched two years ago. However, it appears not everyone has applied the patches. Thousands of servers across the world are being reported as encrypted.

‘Massive’ new ESXiArgs ransomware campaign has compromised thousands of victims – The Record from Recorded Future News

However, the threat actors did not quite get their code right, and a flaw means the servers can probably be recovered if the particular circumstances apply to your systems and you put the work in to recover the data.

If you run this type of system, then you should check that whoever is responsible for patching has done their job.

This follows another active attack targeting VMware’s ESXi servers:

Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

Please Note:

I am on the road and away from the office, so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.