Cheers ransomware hits VMware ESXi systems
Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.
ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology and the size of some companies that use it have made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.
"It is therefore a popular target for ransomware attacks. Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."
Once uploaded to and running on the ESXi server in a Linux environment, the Cheers ransomware uses an esxcli command to terminate all running virtual machine processes, then runs the code to encrypt data on the box.
Organizations need to be proactive when protecting systems against ransomware and other attacks, they wrote.
"If ransomware is a vector organizations fear, should they attempt to block all the entry vectors that ransomware - like water - seeks out? Or should organizations invest in a data retention and replication scheme that prevents the ransomware's attack from impacting them?"
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/26/vmware-cheers-ransomware/