Security News > 2024 > July > Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks.
Ransomware groups have focused on creating lockers dedicated to encrypting ESXi VMs rather than targeting specific ESXi vulnerabilities that would provide them a quicker way of acquiring and maintaining access to a victim's hypervisors.
The Play ransomware group is the latest such operation to start deploying an ESXi Linux locker in their attacks.
"The number of Microsoft Incident Response engagements that involved the targeting and impacting ESXi hypervisors have more than doubled in the last three years," Microsoft warned.
New Play ransomware Linux version targets VMware ESXi VMs. SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks.
Linux version of RansomHub ransomware targets VMware ESXi VMs. Keytronic confirms data breach after ransomware gang leaks stolen files.
News URL
Related news
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- New SuperBlack ransomware exploits Fortinet auth bypass flaws (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)