VMware ESXi  #Ransomware: What is going on? What does the following code means?


In the last few hours, several sources have reported massive Ransomware-type activity against VMware ESXi servers exposed on a public network.
The activity currently appears to be conducted by at least 2 different criminal groups.

RansomNote ed ESXi (esxiArgs)


Both groups are exploiting a 2021 RCE vulnerability that allows malicious code (𝗥𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲) to be launched remotely (CVE-𝟮𝟬𝟮𝟭-𝟮𝟭𝟵𝟳𝟰 )

Current situation (4th of February)

There is currently massive hacking activity happening globally. Most of the compromised systems (around 500) were found to be in France.
The first server compromises emerge in Italy and Switzerland.

Italy and Switzerland

From an analysis activity, there would appear to be around 600 vulnerable servers present in Italy, 300 in Switzerland.

Other Information:

In the image an example of the security device placed by the criminal group inside a compromised server.

The first steps to take at this juncture are: applying security patches and reducing the exposure of critical services to the public internet.

To these should be added specific strategic assessments for securing critical systems such as a VMware server.

Other Info:  Fortgale

Our Services: Fortgale Cyber Defence



#cybersecurity #vmware #ESXiArgs #italia #svizzera

Take your cyber- defence to a new level!

Cybersecurity is of vital importance in today's digital landscape. Our innovative and tailored solutions provide impenetrable defense for businesses of all sizes.

More info here

Related articles

qr code phishing
In the ever-evolving landscape of cyber threats, threat actors are constantly seeking […]
Risks and Solutions How to protect and how to react The identification […]
Over the last week (26th of July 2021), CERT-AGID observed a malspam […]