Cybercriminals are actively exploiting a two-year-old VMware vulnerability as part of a ransomware campaign targeting thousands of organizations worldwide.
Reports emerged over the weekend that VMware ESXi servers left vulnerable and unpatched against a remotely exploitable bug from 2021 were compromised and scrambled by a ransomware variant dubbed “ESXiArgs.” ESXi is VMware’s hypervisor, a technology that allows organizations to host several virtualized computers running multiple operating systems on a single physical server.
France’s computer emergency response team CERT-FR reports that the cybercriminals have been targeting VMware ESXi servers since February 3, while Italy’s national cybersecurity agency ACN on Sunday warned of a large-scale ransomware campaign targeting thousands of servers across Europe and North America.
U.S. cybersecurity officials have also confirmed they are investigating the ESXiArgs campaign. “CISA is working with our public and private sector partners to assess the impacts of these reported incidents and providing assistance where needed,” a CISA spokesperson told TechCrunch. “Any organization experiencing a cybersecurity incident should immediately report it to CISA or the FBI.”
Italian cybersecurity officials warned that the ESXi flaw could be exploited by unauthenticated threat actors in low-complexity attacks, which don’t rely on using employee passwords or secrets, according to the Italian ANSA news agency. The ransomware campaign is already causing “significant” damage due to the number of unpatched machines, local press reported.
More than 3,200 VMware servers worldwide have been compromised by the ESXiArgs ransomware campaign so far, according to a Censys search (via Bleeping Computer). France is the most affected country, followed by the U.S., Germany, Canada and the United Kingdom.
It’s not clear who is behind the ransomware campaign. French cloud computing provider OVHCloud backtracked on its initial findings suggesting a link to the Nevada ransomware variant.
A copy of the alleged ransom note, shared by threat intelligence provider DarkFeed, shows that the hackers behind the attack have adopted a “triple-extortion” technique, in which the attackers threaten to notify victims’ customers of the data breach. The unknown attackers are demanding 2.06 bitcoin — approximately $19,000 in ransom payments — with each note displaying a different bitcoin wallet address.
In a statement given to TechCrunch, VMware spokesperson Doreen Ruyak said the company was aware of reports that a ransomware variant dubbed ESXiArgs “appears to be leveraging the vulnerability identified as CVE-2021-21974” and said that patches for the vulnerability “were made available to customers two years ago in VMware’s security advisory of February 23, 2021.”
“Security hygiene is a key component of preventing ransomware attacks, and organizations who are running versions of ESXi impacted by CVE-2021-21974, and have not yet applied the patch, should take action as directed in the advisory,” the spokesperson added.
https://techcrunch.com/
government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department’s security policies allow easily guessable passwords like ‘Password1234’. The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight […]
LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. The breach was first confirmed by LastPass on November 30. At the time, LastPass chief executive Karim Toubba said an “unauthorized party” had gained access to some customers’ information stored in a third-party cloud service shared […]
AS RUSSIA’S INVASION of Ukraine drags on, navigation system monitors reported this week that they’ve detected a rise in GPS disruptions in Russian cities, ever since Ukraine began mounting long-range drone attacks. Elsewhere, a lawsuit against Meta alleges that a lack of adequate hate-speech moderation on Facebook led to violence that exacerbated Ethiopia’s civil war. […]
Leave a Reply