ESXiArgs ransomware campaign against VMware ESXi servers

03/02/2023

Government agencies and CERTs in several countries have issued warnings about an active exploitation campaign against unpatched VMware ESXi servers affecting their countries, exploiting an old remote code execution (RCE) vulnerability to deploy a new ransomware called ESXiArgs.

These agencies inform organisations using VMWare servers to patch ESXi servers to a version not affected by the attacks or to disable the OpenSLP service. Additionally, CISA has published a tool on its GitHub profile to allow affected organisations to attempt to recover virtual machines locked by the ESXiArgs ransomware attacks.

References

03/02/2023

cert.ssi.gouv.fr

Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi
05/02/2023

governo.it

Attacco informatico, la nota di Palazzo Chigi
06/02/2023

twitter.com

Hilo de INCIBE-CERT
07/02/2023

github.com

CSIRTs Network - ESXiArgs ransomware (CVE-2021-21974)
03/02/2023

blog.ovhcloud.com

Ransomware targeting VMware ESXi
03/02/2023

bleepingcomputer.com

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
06/02/2023

rapid7.com

Ransomware Campaign Compromising VMware ESXi Servers
06/02/2023

therecord.media

‘Massive’ new ESXiArgs ransomware campaign has compromised thousands of victims
07/02/2023

blog.qualys.com

Ransomware Targets Outdated VMware ESXi Hypervisors: Protect Your Systems Now!
15/02/2023

censys.io

The Evolution of ESXiArgs Ransomware

Etiquetas