Fast forward to 2023 and these attacks have evolved to become mostly human-operated processes, carried out by multiple entities over several weeks. In the early days, ransomware attacks were conducted by single entities who developed and distributed massive numbers of automated payloads to randomly selected victims, collecting small sums from each “successful” attack.

Thus, the damage is probably widespread, more than initially reported. But what can make the impact even more devastating is the use of these servers, on which other virtual servers are usually running. Cybercriminals exploited CVE-2021-21974, a flaw already reported in February 2021. This has certainly prompted them to invest in the development of such a powerful cyber weapon and to make ransomware so sophisticated.

According to our current analysis, the risk of this ransomware attack is not limited only to the specific targeted service providers. The ransomware threat actors have realized how crucial Linux servers are for the systems of institutions and organizations. What makes the situation even more worrying is the fact that until recently, ransomware attacks were more focused on Windows-based machines. This massive attack on ESXi servers is considered one of the most extensive ransomware cyberattacks ever reported on non-Windows machines.

What do we know by now?

Largest ransomware non-Windows attack on record

On February 3rd, OVH published a blog post saying that they closed off port 427 for their customers, to mitigate the threat. In many cases, customers then expose them to the internet and never patch. OVH offers bare metal machines with the option to install ESXi on them. Using a specific Censys query, we can see there are already more than 1,900 infected ESXi devices, while most of the victims are from OVH and Hetzner service providers.

Who is affected?

Everyone who is running unpatched (CVE-2021-21974) ESXi machines, exposed to the internet with port 427.

CVE-2021-21974 affects the following systems:

ESXi versions 7.x prior to ESXi70U1c-17325551.

VMware described the weakness as an OpenSLP heap-overflow vulnerability that could lead to the execution of arbitrary code.

Here’s what you need to know and do

What happened?

The French Computer Emergency Response Team and Italy’s national cybersecurity authority (ACN) officially warned organizations worldwide against a ransomware attack targeting thousands of VMware ESXi servers, exploiting a known vulnerability which was patched back in February 2021 (CVE-2021-21974).

As these servers provide services to thousands of other servers, which they store, the impact seems to be widespread globally, affecting organizations in France, Finland, Italy, Canada and the US.

VMware servers around the world suffer an extensive targeted ransomware attack, the largest non-Windows ransomware cyberattack on record.