The week started slowly but quickly turned into a major ransomware disaster. On Friday morning, a new ransomware variant called ESXiArgs started attacking unpatched VMware ESXi servers, and the attack spread quickly. This was especially damaging because many companies use VMware ESXi to run their server infrastructure, so an attack on one device could encrypt multiple servers at once. Some admins were able to recover their servers by rebuilding disks from flat files, but others reported that those files were also encrypted. Microsoft reported that over 100 threat actors were deploying ransomware, and LockBit created a new decryptor based on Conti. Additionally, Resecurity released a report on the Nevada ransomware-as-a-service, which is recruiting and preparing for future attacks. Tallahassee Memorial HealthCare; schools in Tucson, Arizona, and Nantucket, Massachusetts; and Arnold Clark all experienced cyberattacks, with Arnold Clark's confirmed as a Royal ransomware attack. The ION Group was also hit with ransomware, disrupting the derivatives trading market. Finally, PCrisk found new variants of Chaos, Honkai, and DoDo ransomware. All in all, it was a busy week for ransomware, and we hope everyone has a safe and secure weekend.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 04 Feb 2023 00:47:03 +0000