Don’t worry; you won’t be transported to a visual recollection of Rod Stewart’s signature leopard-print pants.
Warning: several notorious cybercrime groups have been targeting VMware ESXi servers with attacks since February 2024.
ESXi is a type-1 hypervisor that enables organizations to reduce costs and streamline management by consolidating multiple physical or virtual servers onto a single, more efficient infrastructure.
ESXi is a popular choice among cloud providers and data centres that need to host thousands of virtual machines for their customers; it is also used in healthcare, finance, education and other industries.
That is right. In April, Chile’s IxMetro PowerHost, a data centre and web hosting provider, was hit. The attackers demanded a staggering ransom of $140 million, payable in Bitcoin.
Isn’t it though? The ransomware group arrived at that figure by demanding two Bitcoins for each PowerHost customer whose data had been encrypted.
PowerHost’s CEO says he negotiated directly with the hackers, told them the ransom demand was outrageously high, and refused to pay.
Encrypted files are given the “.SEXi” extension. The ransomware concentrates on the virtual machines themselves: their disk images and their backup files.
A ransom note named SEXi.txt is left on the compromised systems.
The ransom note instructs victims to download the end-to-end encrypted messaging app Session and use it to contact the attackers.
Unfortunately, no freely available tool exists to recover data encrypted by SEXi. Companies hit by the ransomware must hope that they have a reliable backup of their vital data that the attackers did not reach.
I agree. The notion that attackers may also harbour such concerns is an intriguing one. Last month the group behind SEXi appears to have undergone a subtle rebranding, adopting the slightly less alarming moniker “APT Inc.” Apart from the new name, however, their ransomware and operating methods remain largely unchanged.
The following measures will significantly bolster the security of your VMware ESXi environment and safeguard valuable data:
- Apply patches to VMware ESXi promptly to close known vulnerabilities before attackers can exploit them.
- Disable the default root account and create separate user accounts, each granted only the access its owner actually needs.
- Use strong, unique passwords that resist both guessing and cracking.
- Monitor and log activity on the hosts so that suspicious behaviour can be spotted and dealt with early.
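A defender-side check for the two indicators the article names (the “.SEXi” extension on encrypted files and the SEXi.txt ransom note), added here as an example and not code from the original post; it walks a directory tree standing in for an ESXi datastore, and the datastore layout it scans is constructed inline for demonstration:

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: the extension appended to encrypted files
# and the name of the ransom note dropped beside them.
ENCRYPTED_EXT = ".SEXi"
RANSOM_NOTE = "SEXi.txt"


def scan_datastore(root):
    """Walk a datastore directory tree and report SEXi indicators.

    Returns sorted relative paths of encrypted files and ransom notes, plus
    the folders (on a datastore each VM keeps its files in its own folder)
    that contain at least one indicator.
    """
    root = Path(root)
    encrypted, notes, affected = [], [], set()
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        for name in files:
            rel = (folder / name).relative_to(root).as_posix()
            if name.endswith(ENCRYPTED_EXT):
                encrypted.append(rel)
            elif name == RANSOM_NOTE:
                notes.append(rel)
            else:
                continue
            affected.add(folder.relative_to(root).as_posix())
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "affected_folders": sorted(affected)}


def build_sample_datastore():
    """Create a constructed (not real) datastore layout for demonstration."""
    root = Path(tempfile.mkdtemp(prefix="datastore1_"))
    layout = {
        "vm-web01/vm-web01.vmdk.SEXi": "",     # encrypted disk image
        "vm-web01/vm-web01.vmx.SEXi": "",      # encrypted VM config
        "vm-web01/SEXi.txt": "ransom note",    # note dropped beside the files
        "vm-db01/vm-db01.vmdk": "",            # untouched VM
        "backups/vm-web01-full.vbk.SEXi": "",  # encrypted backup file
    }
    for rel, content in layout.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return root


if __name__ == "__main__":
    for key, items in scan_datastore(build_sample_datastore()).items():
        print(f"{key}: {items}")
```

Running it against a real datastore mount instead of the sample directory is a quick way to confirm whether backups were reached, which is the question the article says victims end up asking.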
For further recommendations, read .