A largescale cyberattack using ransomware has been aimed at VMware ESXi servers around the world

A malicious ransomware attack has been launched against thousands of servers running the VMware ESxi hypervisor, with many more expected to be affected, according to security experts and national cybersecurity agencies. The Computer Emergency Response Team of France was the first to detect the attack and send out an alert. It is believed that the attack is exploiting the CVE-2021-21974 vulnerability, which was patched on February 23, 2021. This vulnerability affects the Service Location Protocol service and allows attackers to execute arbitrary code remotely. The systems that are being targeted are ESXi hypervisors in version 6.x, prior to 6.7. Reports indicate that servers in France, Germany, Finland, the US and Canada have been compromised, with more than 3,200 servers affected globally. The ransomware note that has been sent to victims demands payment of 2.01584 to a bitcoin wallet, which is different in each ransom note. Security agencies are advising users and administrators to upgrade to the latest version of ESXi and restrict access to the OpenSLP service to trusted IP addresses. Additionally, a full system scan should be performed to detect any signs of compromise. It has been noted that developed countries are often targeted more frequently for ransomware attacks due to their access to resources and bitcoins, as well as their higher density of valuable targets.

This Cyber News was published on www.csoonline.com. Publication date: Mon, 06 Feb 2023 18:52:03 +0000

Cyber News related to A largescale cyberattack using ransomware has been aimed at VMware ESXi servers around the world

Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
1 year ago Hackread.com

Linux version of Qilin ransomware focuses on VMware ESXi - A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi ...
1 year ago Bleepingcomputer.com

A largescale ransomware attack is targeting VMware ESXi servers around the world - Administrators, hosting providers, and the French Computer Emergency Response Team have warned that attackers are actively targeting VMware ESXi servers that have not been patched against a two-year-old remote code execution vulnerability to deploy ...
1 year ago Bleepingcomputer.com

A largescale cyberattack using ransomware has been aimed at VMware ESXi servers around the world - A malicious ransomware attack has been launched against thousands of servers running the VMware ESxi hypervisor, with many more expected to be affected, according to security experts and national cybersecurity agencies. The Computer Emergency ...
1 year ago Csoonline.com

No Signs of Unpatched Vulnerabilities Discovered in ESXiArgs Ransomware Attacks - VMware reported on Monday that there is no proof that hackers are using an unknown security flaw, also known as a zero-day, in its software as part of a ransomware attack. Most reports suggest that outdated products with known vulnerabilities that ...
1 year ago Thehackernews.com

Latest Information Security and Hacking Incidents - The ransomware strain Qilin has surfaced as a new danger to computers using VMware ESXi, which is a recent development in the cryptocurrency space. Concerned observers have expressed concern over the fact that this Qilin Linux version exhibits a ...
1 year ago Cysecurity.news

RansomHouse gang automates VMware ESXi attacks with new MrAgent tool - The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors. RansomHouse is a ransomware-as-a-service operation that emerged in December 2021 ...
10 months ago Bleepingcomputer.com

A type of malicious software called Royal Ransomware designed for Linux systems is attacking VMware ESXi servers - The latest ransomware operation to target Linux devices is Royal Ransomware. It is specifically designed to encrypt VMware ESXi virtual machines. Other ransomware gangs, such as Black Basta, LockBit, BlackMatter, AvosLocker, REvil, HelloKitty, ...
1 year ago Bleepingcomputer.com

Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
9 months ago Feeds.fortinet.com

Ransomware Attack Exploiting an Outdated Vulnerability on Numerous VMware ESXi Servers - Recently, a large-scale ransomware attack has been targeting unpatched and unprotected VMware ESXi servers around the world. The attack, known as ESXiArgs, is exploiting a vulnerability called CVE-2021-21974, which was patched by VMware in February ...
1 year ago Securityweek.com

DP World confirms data stolen in cyberattack, no ransomware used - International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. The company says no ransomware payloads or encryption was used in the attack. On November ...
1 year ago Bleepingcomputer.com

The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
1 year ago Bleepingcomputer.com

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks - VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins ...
1 year ago Bleepingcomputer.com

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
11 months ago Bleepingcomputer.com

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
11 months ago Securityboulevard.com

VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
1 year ago Bleepingcomputer.com

Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
11 months ago Unit42.paloaltonetworks.com

Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
11 months ago Bleepingcomputer.com

Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
11 months ago Feeds.fortinet.com

VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
1 year ago Bleepingcomputer.com

Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
2 months ago Securelist.com

No Proof of Unpatched Vulnerabilities Being Used in ESXiArgs Ransomware Assaults VMware - VMware has warned customers to take action as unpatched ESXi servers are being targeted by ESXiArgs ransomware attacks. Hackers are exploiting CVE-2021-21974, a high-severity ESXi remote code execution vulnerability related to OpenSLP that was ...
1 year ago Securityweek.com

Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
10 months ago Securityboulevard.com

Nissan Australia cyberattack claimed by Akira ransomware gang - Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan. In a new entry added to the operation's date leak blog on December 22, Akira says that its operators ...
11 months ago Bleepingcomputer.com

Latest Cyber News

CVE-2024-12677 - 20 hours ago
CVE-2024-55471 - 21 hours ago
CVE-2024-56337 - 21 hours ago
CVE-2024-12840 - 21 hours ago
CVE-2024-55186 - 21 hours ago
CVE-2024-55470 - 21 hours ago
CVE-2024-10385 - 21 hours ago
CVE-2024-56353 - 22 hours ago
CVE-2024-56354 - 22 hours ago
CVE-2024-56355 - 22 hours ago
CVE-2024-56356 - 22 hours ago
CVE-2024-56349 - 22 hours ago
CVE-2024-56350 - 22 hours ago
CVE-2024-56351 - 22 hours ago
CVE-2024-56352 - 22 hours ago
CVE-2024-56348 - 22 hours ago
CVE-2024-40695 - 23 hours ago
CVE-2024-51466 - 23 hours ago
CVE-2024-28767 - 23 hours ago
CVE-2024-12014 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2020-6923 - 1 day ago
CVE-2024-54150 - 1 day ago
CVE-2024-55196 - 1 day ago
CVE-2024-56200 - 1 day ago
CVE-2024-12111 - 1 day ago
CVE-2024-49765 - 1 day ago
CVE-2024-52589 - 1 day ago
CVE-2024-52794 - 1 day ago
CVE-2024-53991 - 1 day ago
CVE-2024-7137 - 1 day ago
CVE-2024-7138 - 1 day ago
CVE-2024-7139 - 1 day ago
CVE-2024-11157 - 1 day ago
CVE-2024-11364 - 1 day ago
CVE-2024-12175 - 1 day ago
CVE-2024-12672 - 1 day ago
CVE-2024-12727 - 1 day ago
CVE-2024-12728 - 1 day ago
CVE-2024-12729 - 1 day ago
CVE-2024-54982 - 1 day ago