Tech

Hackers are currently carrying out an international attack, update this software quickly

Deepak GuptaFebruary 7, 2023
0

Several thousand computer servers running VMWare are currently targeted by a ransomware campaign. A type of attack that we are likely to hear about more and more often.

A laptop screen with code in the shape of a skull / Credit: 123rf

On Sunday February 5, 2023, the Italian cybersecurity agency informed its international counterparts that thousands of computer servers are currently the target of a wave of attacks on a very large scale. hackers exploit a known flaw in the VMWare software for which a patch was released in February 2021, but which probably not all network administrators have installed. They thus take advantage of a weakness of the ESXi functionality offered by the virtualization tool.

To read – Ransomware: hackers paralyze a French hospital and demand 10 million euros

CERT-FR revealed the existence of a massive ransomware campaign. The latter currently targets servers using ESXi from VMWare, a virtualized hypervisor for embedded systems. Hackers would use these machines to install ransomware called ESXiArgs. Although VMWare editors have long been aware of this flaw listed under CVE-2021-21974and they have released the appropriate security update, many network administrators and hosts have not undertaken the appropriate updates. VMware recommends that its customers update their software.

Nearly 3200 servers worldwide have already been locked by this ransomware

According to the Italian authorities, servers would have been compromised in Italy, but also in France, in Finland, the United States and Canada and several dozen organizations could find themselves “ejected” from their own systems. The US Cyber ​​and Infrastructure Security Agency is assessing the extent of the damage caused by ESXiArgs. Many Italian Internet users say they had trouble connecting this Sunday, but according to the authorities, these cuts have no connection with the ransomware campaign.

ESXiArgs encrypts certain files on compromised ESXi servers and creates a ransom note in a text or HTML file. If, unfortunately, you are affected by this malware, you should inform the law enforcement authorities. According to Bleeping Computer, “All admins should check for the existence of a vmtools.py file and make sure to delete it immediately if necessary”.

Source : Bleeping Computer

We have other articles that may interest you:
  1. How To Fix Samsung Galaxy S8 Bluetooth Issues
  2. The Pirate Bay, Fmovies, Sci-Hub: traffic from pirate sites exploded in 2021
  3. iPhone SE 5G: this video shows how low its autonomy is
  4. They manage to upload an Intel Core i9-13900K to 6.1 GHz, beats the Threadripper 2990X
  5. World Cup 2022: the hunt for illegal streaming is on
  6. They manage to reach the maximum collection level in Marvel Snap: level 22,366!
Deepak GuptaFebruary 7, 2023
0

Related Articles

Twitter drops EU code of good practice against disinformation

May 28, 2023

Opera integrates TikTok among its services and extends the paid VPN to Opera GX

November 18, 2022

Be very careful with unofficial updates to Windows 11

April 18, 2022

Installing Windows 11 Pro will force you to use the Internet and a Microsoft account

February 18, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *