Synopsis
“VMware ESXi hypervisors, which are bare-metal hypervisors that install directly onto physical servers, are the target of a new wave of attacks designed to deploy ransomware on compromised systems.”
VMware is a top-notch provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. VMware ESXi hypervisors, which are bare-metal hypervisors that install directly onto physical servers, are the target of a new wave of attacks designed to deploy ransomware on compromised systems.
France's Computer Emergency Response Team (CERT) said on Friday, “These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021.”
In its advisory, VMware described the issue as an OpenSLP heap-overflow vulnerability that could lead to the execution of arbitrary code.
The virtualization services provider noted, “A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.”
Resecurity, a California-based cybersecurity company, said in January, “The actors are inviting both Russian- and English-speaking affiliates to collaborate with a big number of Initial Access Brokers (IABs) in [the] dark web.
Notably, the group behind the Nevada Ransomware is also buying compromised access by themselves, the group has a dedicated team for post-exploitation, and for conducting network intrusions into the targets of interest.”
However, Bleeping Computer, an information security and technology news publication, said that the ransom notes seen in the attacks do not resemble those of Nevada ransomware, adding that the strain is being tracked under the name ESXiArgs.
OVHcloud, a French cloud services provider, said that these ransomware attacks are being detected across the globe, mainly focusing on Europe in an attempt to disrupt its cybersecurity capabilities. It is speculated that the attacks are carried out with Nevada, a Rust-based ransomware strain that surfaced in December 2022.
Hive, Luna, BlackCat, RansomExx, Nokoyawa, and Agenda are other ransomware families that have embraced Rust in recent months.