All articles tagged with #vmware esxi
The cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in North America using social engineering and sophisticated tactics to deploy ransomware, potentially causing severe infrastructure disruptions. Organizations are advised to enhance security measures, including system hardening and monitoring, especially as VMware vSphere approaches end-of-life.
Scattered Spider hackers are targeting VMware ESXi hypervisors through social engineering tactics, gaining extensive control over virtualized environments, and deploying ransomware, with attacks progressing through multiple phases from initial access to data exfiltration, highlighting the need for enhanced security measures.
A new Linux variant of the TargetCompany ransomware, also known as Mallox, FARGO, and Tohnichi, is targeting VMware ESXi environments using a custom shell script to deliver and execute payloads. This variant ensures administrative privileges, exfiltrates data, and encrypts VM-related files, appending a ".locked" extension. The ransomware operation, active since June 2021, has primarily targeted database systems in Asia. Trend Micro attributes the latest attacks to an affiliate named "vampire" and recommends measures like enabling MFA, creating backups, and keeping systems updated.
A new ransomware-as-service (RaaS) called MichaelKors is targeting Linux and VMware ESXi systems, making it the latest file-encrypting malware to do so. Cybercriminals are increasingly targeting ESXi, which is a highly attractive target for modern adversaries due to its popularity as a widespread and popular virtualization and management system. The targeting of VMware ESXi hypervisors with ransomware to scale such campaigns is a technique known as hypervisor jackpotting. To mitigate the impact of hypervisor jackpotting, organizations are recommended to avoid direct access to ESXi hosts, enable two-factor authentication, take periodic backups of ESXi datastore volumes, apply security updates, and conduct security posture reviews.