Security News > 2023 > February > Ransomware scum launch wave of attacks on critical, but old, VMWare ESXi vuln
France's Computer Emergency Response Team has issued a Bulletin D'Alerte regarding a campaign to infect VMware's ESXI hypervisor with ransomware.
Targets don't come much richer than ESXi - the bare metal hypervisor can afford access to many guest machines that run apps and store data.
Thankfully, the ransomware deployed in this attack is a bit crap.
Pem The encryption process is specifically targeting virtual machines files The malware tries to shutdown virtual machines by killing the VMX process to unlock the files.
VMware warned on February 2 of an Arbitrary file deletion vulnerability in version 17.x of its Workstation desktop hypervisor.
CVE-2023-20854 is rated 7.8/10 as "a malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/06/esxi_ransomware_campaign/
Related news
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion (source)
- FBI: Critical infrastructure suffers spike in ransomware attacks (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (source)
- VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-03 | CVE-2023-20854 | Improper Privilege Management vulnerability in VMWare Workstation 17.0 VMware Workstation contains an arbitrary file deletion vulnerability. | 8.4 |