Security News > 2024 > July > Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks
Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks.
Ransomware groups have focused on creating lockers dedicated to encrypting ESXi VMs rather than targeting specific ESXi vulnerabilities that would provide them a quicker way of acquiring and maintaining access to a victim's hypervisors.
The Play ransomware group is the latest such operation to start deploying an ESXi Linux locker in their attacks.
"The number of Microsoft Incident Response engagements that involved the targeting and impacting ESXi hypervisors have more than doubled in the last three years," Microsoft warned.
New Play ransomware Linux version targets VMware ESXi VMs. SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks.
Linux version of RansomHub ransomware targets VMware ESXi VMs. Keytronic confirms data breach after ransomware gang leaks stolen files.
News URL
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)