😬 Did you enjoy the #cyberattaques campaign with the so-called #ESXiArgs #ransomware? Let's hope it serves as a loud wake-up call 🔔
Because the threat hanging over virtualised environments is far from limited to this one example. Let's take stock of the various franchises going after #ESXi. 🔽
Spoiler: there are a lot of them.
https://www.lemagit.fr/conseil/Ce-que-lon-sait-des-rancongiciels-pour-VMware-ESXi
What we know about ransomware for VMware ESXi | LeMagIT

The ransomware threat has hung over virtualised infrastructures running VMware's ESXi hypervisor for several years. But it takes different forms. An overview.

LeMagIT

If you're planning on running a single hosted baremetal ESXi server on the internet and want to avoid being caught by the next ESXiArgs, here’s a quick how-to:

https://infrageeks.com/post/2023-02-22.how-to-safely-run-esxi-on-the-internet/

https://infrageeks.com/post/2023-02-23.how-to-safely-run-esxi-on-the-internet-part-2/

#vmware #esxi #ovh #esxiargs #security

How to (safely) run ESXi on the internet

There’s been a lot of news lately about the ESXiArgs ransomware attacks on ESXi servers that could have been avoided. As with any product, it’s important to ensure that you keep up to date with all of the patches and upgrades, but since ESXi is a virtualisation system and rebooting it to apply a patch also means taking all of your virtual machines offline, people often put this off too long.

Infrageeks
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
https://thehackernews.com/2023/02/esxiargs-ransomware-hits-over-500-new.html #Malware #Ransomware #ESXiArgs
ESXiArgs ransomware is spreading fast, infecting over 500 hosts in France, Germany, the Netherlands, the U.K., and Ukraine.

The Hacker News
Over 500 ESXiArgs Ransomware infections in one day, but they dropped the day after

ESXiArgs ransomware continues to spread in Europe; most of the recent infections were observed in France, Germany, the Netherlands, the UK, and Ukraine. Researchers from Censys reported that more than 500 hosts have been infected in a new wave of ESXiArgs ransomware attacks, most of which are in France, Germany, the Netherlands, and the U.K. […]

Security Affairs
There is a new ESXiArgs encryption routine that is out now to prevent decryption with the tool CISA released. Update and get your hypervisors off the internet!
#security #cisa #esxiargs #encryption
After an approximately 3-fold increase in #ransomware targeting ESXi between 2021 and 2022, and the recent #ESXiArgs campaign raging globally, this report comes very timely, identifying and describing #detections for various TTPs seen prior to the dropping of the payload: https://www.recordedfuture.com/in-before-the-lock-esxi
In Before The Lock: ESXi | Recorded Future

Insikt Group examines a 3-fold increase in ransomware targeting ESXi, with offerings available from many groups, including ALPHV, LockBit, and BlackBasta.

This week's newsletter is hot off the press, get it here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16

The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worse yet, we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.

PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.

Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and the little-known AutoHotKey scripting language to cherry-pick their targets.

#RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.

#BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques.

Happy reading, and happy Monday!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16

#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi

SOC Goulash: Weekend Wrap-Up

06/02/2023 - 12/02/2023

Opalsec
The ESXiArgs ransomware is evolving and makes it all the more urgent for system administrators to apply patches promptly after they are published, patches which are only one additional line of defence.
https://fr.techtribune.net/securite/une-nouvelle-variante-esxiargs-ransomware-emerge-apres-la-publication-de-loutil-de-decryptage-par-cisa/586135/
#Cybercriminalité #rançongiciel #ESXiArgs #OVH #Cybersécurité
A New ESXiArgs Ransomware Variant Emerges After The Publication Of The Decryption Tool By CI ...

11 February 2023 | Ravie Lakshmanan | Ransomware / Endpoint Security. After the US Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor allowing affected victims to recover from ESXiArgs ransomware attacks, the threat actors bounced back with an updated version that encrypts more data. The emergence of

Fr Tech Tribune

VMware ESXi is in the news thanks to ESXiArgs, a strain of ransomware exploiting a two-year-old overflow issue in the OpenSLP service. The best course of action is patching your ESXi servers as soon as possible. Our latest blog post covers the vulnerability and includes a prebuilt query to help you zero in on ESXi servers.

Check out the link below for more!

https://www.runzero.com/blog/finding-vmware-esxi-assets/?utm_source=mastodon&utm_medium=social&utm_campaign=rapidresponse-esxi

#vmware #esxiargs #ransomware #cybersecurity

Finding VMware ESXi assets

This Rapid Response post covers ESXiArgs, a new strain of ransomware that is targeting VMware ESXi servers. Learn how you can find potentially affected servers on your network.

runZero

Having worked in IT for K-12 schools, things like the #ESXiArgs cyberattack would keep me up at night.

https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.

BleepingComputer