Kevin BeaumontFeb 3, 2023
I obviously don’t have my tweet thread any more to add to it, but somebody is doing automated destructive attacks on VMware ESXi with 2021 vulns. At the time, to their credit, VMware were very clear in customer comms that not patching could lead to ransomware. #ESXiArgs https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.

BleepingComputer
Show threadKevin BeaumontFeb 3, 2023
I don’t yet have a sample of the payload, but I know they’re using automated deployment with internet scanning. #ESXiArgs
Show threadKevin BeaumontFeb 3, 2023
#ESXiArgs #ransomware looks to be impacting thousands of ESXi boxes, with the VMs below toast 😬
Show threadChris (Master of Potate) 🥔
@GossiTheDog Having an ESXi host reachable from the internet AND not patching it doesn't seem like a good idea....
Feb 3, 2023 at 9:12pmWeb
Show threaddaveyk00Feb 3, 2023
@chris @GossiTheDog and yet here we are
Show threadChris (Master of Potate) 🥔Feb 3, 2023
@daveyk00 @GossiTheDog some people go all in on the bad ideas.