
Massive ransomware operation targets VMware ESXi: How to protect from this security threat
2023-02-07 17:26

CVE-2021-21974 is a vulnerability affecting OpenSLP as used in VMware ESXi.

The French government's Computer Emergency Response Team, CERT-FR, was the first to raise an alert about ransomware exploiting this vulnerability, on Feb. 3, 2023, quickly followed by French hosting provider OVH. Attackers can exploit the vulnerability remotely and without authentication over port 427, the port of the Service Location Protocol (SLP) that OpenSLP listens on and a service most VMware customers do not use. The flaw itself was patched by VMware in February 2021 (see the related vulnerability below), so the campaign is hitting hosts that have gone unpatched for nearly two years.

Figure A. The threat actor behind this campaign is not known, and the malware appears to be a new ransomware family.

The Babuk source code that leaked in 2021 has been reused to build other malware that frequently targets ESXi systems, but it is too early to draw a definitive conclusion on the attribution of this new malware, which security researchers have dubbed ESXiArgs.

Remediation then consists of reinstalling the hypervisor on a version VMware still supports, ESXi 7.x or ESXi 8.x, and applying all security patches.
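Before reinstalling, an administrator usually wants to know which hosts are actually exposed. The script below is an added example, not code from the TechRepublic article or from VMware: it parses the output of `esxcli system version get`, compares the build against the fixed builds for CVE-2021-21974, and on a live ESXi host reports whether the OpenSLP daemon (slpd) and its CIMSLP firewall ruleset are still enabled, applying VMware's KB 76372 workaround (stop slpd, close the ruleset, keep it off across reboots) only when `DISABLE_SLP=yes` is set. The 7.0 fixed build (17325551) is the one named in the advisory line on this page; the 6.7 and 6.5 build numbers are assumptions taken from VMware's advisory and should be verified against it. The sample `esxcli` output is constructed so the parsing and classification run offline.

```shell
#!/bin/sh
# Added example (not from the TechRepublic article or VMware): triage an ESXi host
# for CVE-2021-21974 by comparing its build against the fixed builds and, on a
# live host, checking whether the OpenSLP service behind port 427 is still up.
# 17325551 (ESXi 7.0 U1c) is the fixed build named on this page; the 6.7 and 6.5
# numbers are ASSUMED from VMware's advisory for this CVE and should be verified.

FIXED_70=17325551   # ESXi70U1c-17325551 (from the advisory line on this page)
FIXED_67=17499825   # assumed: ESXi670-202102401-SG
FIXED_65=17477841   # assumed: ESXi650-202102101-SG

# Constructed sample of `esxcli system version get` output for an unpatched 7.0 U1 host.
SAMPLE_VERSION_OUTPUT='   Product: VMware ESXi
   Version: 7.0.1
   Build: Releasebuild-17168206
   Update: 1
   Patch: 25'

# Pull "Version" and "Build" out of `esxcli system version get` output;
# prints them as "<version> <build>" on one line.
parse_esxi_version() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*Version:/ { v = $2 }
    /^[ \t]*Build:/   { sub(/^Releasebuild-/, "", $2); b = $2 }
    END { print v, b }'
}

# Classify a version/build pair: prints "vulnerable", "patched" or "unknown".
slp_cve_status() {
  version="$1"; build="$2"
  case "$version" in
    8.*)  fixed=0 ;;                    # 8.x was released after the fix
    7.0*) fixed=$FIXED_70 ;;
    6.7*) fixed=$FIXED_67 ;;
    6.5*) fixed=$FIXED_65 ;;
    *)    echo unknown; return 0 ;;     # 6.0 and older are out of support; treat as exposed
  esac
  if [ "$build" -ge "$fixed" ] 2>/dev/null; then
    echo patched
  else
    echo vulnerable
  fi
}

# On a real ESXi host: report the live status and, if DISABLE_SLP=yes, apply the
# VMware KB 76372 workaround (stop slpd, close the CIMSLP firewall ruleset, keep it
# off across reboots). Does nothing outside an ESXi shell so the script runs offline.
triage_host() {
  command -v esxcli >/dev/null 2>&1 || { echo "no esxcli here; skipping live check"; return 0; }
  set -- $(parse_esxi_version "$(esxcli system version get)")
  status=$(slp_cve_status "$1" "$2")
  echo "ESXi $1 build $2: $status"
  echo "slpd: $(/etc/init.d/slpd status)"
  esxcli network firewall ruleset list -r CIMSLP
  if [ "$status" != patched ] && [ "${DISABLE_SLP:-no}" = yes ]; then
    /etc/init.d/slpd stop
    esxcli network firewall ruleset set -r CIMSLP -e 0
    chkconfig slpd off
  fi
}

# Offline demonstration on the constructed sample; prints "<version> <build>: <status>".
demo_offline() {
  set -- $(parse_esxi_version "$SAMPLE_VERSION_OUTPUT")
  echo "$1 $2: $(slp_cve_status "$1" "$2")"
}

demo_offline
triage_host
```

Run it from the ESXi shell (SSH enabled temporarily) for the live check, or anywhere else to exercise the classifier on captured `esxcli` output. Disabling SLP is a stopgap: it removes the port 427 exposure but not the flaw, so a host that reports "vulnerable" still needs the patch or the reinstall described above.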

Jan Lovmand, chief technology officer of BullWall, a cybersecurity firm focused on preventing ransomware attacks, told TechRepublic more about the vulnerability.


News URL

https://www.techrepublic.com/article/massive-ransomware-operation-targets-vmware-esxi/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                   RISK
2021-02-24  CVE-2021-21974  Out-of-bounds Write vulnerability in VMware Cloud Foundation and ESXi  5.8 (low attack complexity, CWE-787, vendor: VMware)
            OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability.

Related vendor

VENDOR  LAST 12M  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
VMware  186                   84   404     199   101       788