The recent ransomware known as “VMware ESXiArgs” have been reported to be targeting out of date ESXi servers globally. The ransomware infects virtual machines, encrypting all of the data causing system and data to be inaccessible to users.
The first wave of attacks was seen on 3rd Feb and another wave of attacks were seen between 11th to 12th Feb. Although the direct causes are still being investigated VMware and security experts are advising customers to keep patch levels up to date on all VMware servers.
In particular, the known “heap-overflow” vulnerability in VMware’s OpenSLP service, CVE-2021-21974, can be exploited to gain access for attacks.
As this is over 2 years old many will have patched this however it is worth checking the ESXi versions which are said to be vulnerable to CVE-2021-21974:
- ESXi versions 7.x prior to ESXi70U1c-17325551
- ESXi versions 6.7.x prior to ESXi670-202102401-SG
- ESXi versions 6.5.x prior to ESXi650-202102101-SG
Some interesting facts:
- FBI and federal cyber security agency estimated approx. 3,800 servers were compromised worldwide due to the vulnerability (Source: CRN link)
- 500 hosts newly infected with ESXiArgs ransomware in France, Germany the Netherlands and the UK (Source: censys link)
- There could be up to 70,000 outdated VMware ESXi servers that are vulnerable and are in need of patches or upgrades (Source: Cybercube link)
What can be done?
- VMware have provided a “Ransomware Resource Center” website to provide more information to helping organisations to remain resilient (Source: VMware link)
- Ensure you have patched your ESXi to an appropriate tested patch level, if you are running on older 6.x versions (which has end of general support) then it is advised to upgrade to version 7 or 8. It is also worth reviewing if the hardware is also supported as well.
- Review and take action to the NIST Guidance related to ESXi vulnerabilities (Source: NIST link)
How Can We Help?
If you would like to learn more about how Ultima can support with protecting your VMware environment, we are offering you a free Data Centre Assessment to discuss how you can upgrade, deploy & migrate your estate.
Book your appointment here