{"id":7022,"date":"2023-09-18T10:52:54","date_gmt":"2023-09-18T10:52:54","guid":{"rendered":"https:\/\/fortgale.com\/blog\/?p=7022"},"modified":"2023-09-19T07:19:19","modified_gmt":"2023-09-19T07:19:19","slug":"7022","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/malware-analysis\/7022\/","title":{"rendered":"Server VMware ESXi – Ransomware Attacks in Italy"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n\n\n

VMware ESXi \n #Ransomware<\/a>: What is going on? What does the following code means?<\/p>\n\n\n\n

D6C324719AD0AA50A54E4F8DED8E8220D8698DD67B218B5429466C40E7F72657C015D86C7E4A<\/p>\n\n\n\n

In the last few hours, several sources have reported massive Ransomware-type<\/strong> activity against VMware ESXi<\/strong> servers exposed on a public network.\n
The activity currently appears to be conducted by at least 2 different criminal groups.<\/p>\n\n\n\n

\"RansomNote<\/figure>\n\n\n\n

How?<\/h2>\n\n\n\n

Both groups are exploiting a 2021 RCE vulnerability that allows malicious code (\ud835\udde5\ud835\uddee\ud835\uddfb\ud835\ude00\ud835\uddfc\ud835\uddfa\ud835\ude04\ud835\uddee\ud835\uddff\ud835\uddf2) to be launched remotely (CVE-\ud835\udfee\ud835\udfec\ud835\udfee\ud835\udfed-\ud835\udfee\ud835\udfed\ud835\udff5\ud835\udff3\ud835\udff0 )<\/p>\n\n\n\n

Current situation (4th of February)<\/h2>\n\n\n\n

There is currently massive hacking activity happening globally. Most of the compromised systems (around 500) were found to be in France.\n
The first server compromises emerge in Italy and Switzerland.<\/p>\n\n\n\n

Italy and Switzerland<\/h2>\n\n\n\n

From an analysis activity, there would appear to be around 600 vulnerable servers present in Italy, 300 in Switzerland.<\/p>\n\n\n\n

Other Information:<\/h2>\n\n\n\n

In the image an example of the security device placed by the criminal group inside a compromised server.<\/p>\n\n\n\n

The first steps to take at this juncture are: applying security patches and reducing the exposure of critical services to the public internet.<\/p>\n\n\n\n

To these should be added specific strategic assessments for securing critical systems such as a VMware server.<\/p>\n\n\n\n

Other Info: \n Fortgale<\/a>\n <\/p>\n\n\n\n

Our Services:<\/strong>\n Fortgale Cyber Defence<\/a>\n <\/p>\n\n\n\n

TOX_ID<\/strong><\/p>\n\n\n\n

D6C324719AD0AA50A54E4F8DED8E8220D8698DD67B218B5429466C40E7F72657C015D86C7E4A<\/p>\n\n\n\n

\n #cybersecurity<\/a>\n #vmware<\/a>\n #ESXiArgs<\/a>\n #italia<\/a>\n #svizzera<\/a>\n <\/p>\n\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

\n
\n
\n
\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n
\n
\n
<\/div>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

VMware ESXi  #Ransomware: What is going on? What does the following code means? D6C324719AD0AA50A54E4F8DED8E8220D8698DD67B218B5429466C40E7F72657C015D86C7E4A In the last few hours, several sources have reported massive Ransomware-type activity against VMware ESXi servers exposed on a public network. The activity currently appears to be conducted by at least 2 different criminal groups. How? Both groups are exploiting a […]<\/p>\n","protected":false},"author":12,"featured_media":4870,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2483],"tags":[283,2501],"class_list":["post-7022","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-analysis","tag-ransomware","tag-wmare-esxi"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/7022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=7022"}],"version-history":[{"count":11,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/7022\/revisions"}],"predecessor-version":[{"id":7039,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/7022\/revisions\/7039"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media\/4870"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=7022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=7022"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=7022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}