New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

September 3, 2024 at 09:54AM Cicada3301, a new ransomware variant written in Rust, targets small and medium-sized businesses through opportunistic attacks. It runs on both Windows and Linux/ESXi hosts and uses techniques similar to those of the now-defunct BlackCat operation. It encrypts files, tampers with system recovery, and interferes with EDR detection. Its emergence may be connected to the demise of …

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

August 28, 2024 at 07:39AM The BlackByte ransomware group has been observed exploiting a recently patched VMware ESXi hypervisor flaw (CVE-2024-37085) and using vulnerable drivers to bypass security protections, according to a report from Cisco Talos. The group targets a range of sectors and continues to evolve its tactics to evade detection and …

CISA warns of VMware ESXi bug exploited in ransomware attacks

July 30, 2024 at 03:57PM CISA has ordered U.S. FCEB agencies to secure their servers against a VMware ESXi vulnerability exploited in ransomware attacks. The flaw, CVE-2024-37085, which VMware has since patched, allows attackers to gain admin privileges on the hypervisor; ransomware gangs exploit it to steal data, move laterally, and encrypt ESXi hosts. Agencies have three weeks to secure affected systems under Binding Operational Directive (BOD) 22-01. CISA …

Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability

July 30, 2024 at 07:22AM A recent Microsoft report serves as a caution against joining VMware ESXi hypervisors to Active Directory, following a newly patched vulnerability, CVE-2024-37085, that affects domain-joined hosts. Exploiting it lets attackers gain full control of an ESXi hypervisor, which can lead to data theft, network disruption, or ransomware deployment. Patches are available, and enhanced credential …

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

July 30, 2024 at 02:12AM Ransomware groups have been exploiting a recently patched VMware ESXi flaw, CVE-2024-37085, to gain elevated permissions on hypervisors and deploy file-encrypting malware. The flaw grants unauthorized administrative access, and exploitation has been observed by several ransomware operators. Organizations are advised to update their software, enforce two-factor authentication, and prioritize asset protection …

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw

July 29, 2024 at 02:48PM Ransomware groups are exploiting an authentication bypass vulnerability, CVE-2024-37085, in VMware ESXi hypervisors to gain full administrative access on domain-joined hosts. Microsoft warns that known cybercriminal groups have already exploited the flaw to deploy ransomware. In-the-wild exploitation was not recognized when VMware released the patches. …
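The entries above describe the outcome of CVE-2024-37085 (full admin on a domain-joined ESXi host) but not how a defender would notice it. The precondition, per Microsoft's write-up, is an Active Directory group named "ESX Admins", which domain-joined ESXi hosts trust for full administrative rights by default; an attacker with enough AD rights simply creates or renames a group to that name and adds themselves to it. The detection below is an added example written for this page, not code from Microsoft, Broadcom or any of the linked articles. It runs over a constructed JSON-lines export modelled on Windows Security log fields (event 4727 group created, 4728 member added, 4781 account renamed) and flags any event that creates, renames to, or populates that group. Field names follow the standard Security log XML but the sample lines themselves are invented.

```python
"""Flag Active Directory changes that create, rename, or add members to a
group named "ESX Admins", the group that domain-joined ESXi hosts trust for
full admin by default (the precondition CVE-2024-37085 abuses, per
Microsoft's write-up).  Added example; the log lines below are constructed."""
import json

WATCHED_GROUP = "esx admins"  # matched case-insensitively so a renamed "esx admins" is not missed

# Standard Windows Security event IDs for directory group changes.
GROUP_CREATED = 4727    # a security-enabled global group was created
MEMBER_ADDED = 4728     # a member was added to a security-enabled global group
ACCOUNT_RENAMED = 4781  # the name of an account (user or group) was changed

# Constructed JSON-lines export modelled on Windows Security log fields, not real telemetry.
SAMPLE_LOG = """\
{"EventID": 4727, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins", "TimeCreated": "2024-07-28T02:11:09Z"}
{"EventID": 4728, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins", "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=example", "TimeCreated": "2024-07-28T02:11:31Z"}
{"EventID": 4781, "SubjectUserName": "jdoe", "OldTargetUserName": "Helpdesk Staff", "NewTargetUserName": "esx admins", "TimeCreated": "2024-07-28T02:14:02Z"}
{"EventID": 4728, "SubjectUserName": "hr-admin", "TargetUserName": "Domain Users", "MemberName": "CN=newhire,OU=Staff,DC=corp,DC=example", "TimeCreated": "2024-07-28T09:00:12Z"}
{"EventID": 4727, "SubjectUserName": "jdoe", "TargetUserName": "Print Operators Backup", "TimeCreated": "2024-07-28T09:05:44Z"}
"""


def parse_events(text):
    """Parse a JSON-lines export into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_watched_group(name):
    """True if the group name equals the watched name, ignoring case and padding."""
    return (name or "").strip().casefold() == WATCHED_GROUP


def classify(event):
    """Return the alert kind for one event, or None if it is not interesting.

    Three distinct paths lead to the same dangerous state: creating the group,
    renaming an existing group to that name, or adding a member once it exists.
    """
    eid = event.get("EventID")
    if eid == GROUP_CREATED and is_watched_group(event.get("TargetUserName")):
        return "group_created"
    if eid == MEMBER_ADDED and is_watched_group(event.get("TargetUserName")):
        return "member_added"
    if eid == ACCOUNT_RENAMED and is_watched_group(event.get("NewTargetUserName")):
        return "renamed_to_group"
    return None


def find_alerts(events):
    """Run classify() over every event and collect the ones worth paging on."""
    alerts = []
    for event in events:
        kind = classify(event)
        if kind is None:
            continue
        group = event.get("NewTargetUserName") or event.get("TargetUserName")
        alerts.append({
            "kind": kind,
            "actor": event.get("SubjectUserName"),
            "group": group,
            "member": event.get("MemberName"),
            "time": event.get("TimeCreated"),
        })
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(parse_events(SAMPLE_LOG)):
        print(f"{alert['time']} {alert['kind']:>16}  actor={alert['actor']}  "
              f"group={alert['group']!r}  member={alert['member']}")
```

Against the sample, the three "jdoe" events fire and the two routine group changes do not. Renames matter as much as creations: 4781 is the event an attacker who renames an existing, legitimately created group would leave behind, which a rule that only watches 4727 would miss. Alerting is a stopgap; Microsoft's published mitigations for hosts that cannot be patched are to disable automatic admin rights for that group (the Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd setting) and to point Config.HostAgent.plugins.hostsvc.esxAdminsGroup at a different, tightly controlled group.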

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

July 19, 2024 at 03:24AM The Play ransomware group has developed a new Linux variant targeting ESXi environments, with signs of collaboration with the Prolific Puma operation. The ransomware uses evasion techniques and custom-built tools. To reduce the risk of attacks on ESXi environments, it is recommended to implement strong access controls, network segmentation, regular backups, and security monitoring. …

SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign

April 4, 2024 at 06:34PM A new Babuk-based ransomware variant called "SEXi" has targeted VMware ESXi servers, including in an attack on IxMetro PowerHost in Chile. The attackers demanded a $140 million ransom, which the CEO said would not be paid. The attack is linked to a broader ransomware campaign with related binaries and novel …

VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

March 6, 2024 at 03:15AM VMware has issued patches for four security flaws affecting ESXi, Workstation, and Fusion, including two critical bugs that allow code execution. The vulnerabilities include use-after-free bugs in the XHCI USB controller and carry high CVSS scores. CVE-2024-22252 and CVE-2024-22253 were reported by multiple security researchers and require immediate patching. A temporary workaround includes …

RansomHouse gang automates VMware ESXi attacks with new MrAgent tool

February 15, 2024 at 01:57PM RansomHouse's new tool, 'MrAgent', automates deployment of its data encrypter across multiple VMware ESXi hypervisors. The ransomware, which targets large organizations, maximizes impact by compromising critical applications and services. Custom configurations include scheduling the encryption event and altering the hypervisor's monitor message. The tool's adaptation for Windows systems shows intent to extend …