CISA releases recovery script for massive worldwide VMware ESXiArgs ransomware attacks


Yesterday, large-scale "ESXiArgs" ransomware attacks were carried out on VMware vSphere servers worldwide. Reports suggest that around 2,800 servers were targeted, though the attacks were largely unsuccessful, as many victims were able to recover their data. VMware, in its defense, stated that the exploit was not a new zero-day vulnerability, as it had already patched the security flaw in 2021.


In an advisory, VMware has reiterated this and shared its findings on the attack, advising customers to update their vSphere components and providing additional resources to better understand the cyberattack:



We wanted to address the recently reported ‘ESXiArgs’ ransomware attacks as well as provide some guidance on actions concerned customers should take to protect themselves.


VMware has not found evidence that suggests an unknown vulnerability (0-day) is being used to propagate the ransomware used in these recent attacks. Most reports state that End of General Support (EOGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware Security Advisories (VMSAs).


With this in mind, we are advising customers to upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities. In addition, VMware has recommended disabling the OpenSLP service in ESXi. In 2021, ESXi 7.0 U2c and ESXi 8.0 GA began shipping with the service disabled by default.


The Cybersecurity and Infrastructure Security Agency (CISA) has now also extended its support in the matter by r ..
