Several governmental organisations and researchers report that an international ransomware attack targeting VMware ESXi hypervisors is expanding after infecting thousands of targets.
More than 3,200 servers in Canada, France, Finland, Germany, and the US have already been affected by the attack, which was originally detected late on February 3 by the French Computer Emergency Response Team (CERT-FR), according to Censys tracking.
An exploit for the Open Service Location Protocol (OpenSLP) service of the hypervisor’s two-year-old remote code execution (RCE) security vulnerability (CVE-2021-21974) serves as the point of compromise.
According to a Feb. 5 notification from French hosting company OVHcloud, which has clients hit by the attacks, the attack’s purpose appears to be the installation of a novel ransomware strain called “ESXiArgs,” albeit the gang behind it is unclear.
The alert states, “we [previously] made the assumption the attack was linked to the Nevada ransomware
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: