@alwayscurious @BleepingComputer, even with an unpatched ESXi, having a webserver hosted on a VM exposed to the internet should be fine. Exposing unnecessary services to the internet, like the SLP protocol used by ESXi, or historically problematic services like RDP, is another matter. If you need remote access, at a minimum, put them behind a VPN. Reduce your risk by limiting what is publicly accessible.

@BleepingComputer, you could remove “until they are patched”. Please don't expose your ESXi servers to the internet.

@JohnHammond, your content is excellent, and I think it's good to see the process, rabbit holes and all. It makes for interesting and authentic content! I think we can be our own harshest critics. Keep up the excellent work! 👍

@civilized Unfortunately, paying would have the best chance to keep the data private. While they are criminals and cannot be trusted, they also run a ‘business’. Extorting money and releasing the information is not great for business as no one would pay if they didn’t keep their word: Rock and a hard place! What if we made it illegal to pay ransom demands? Reduce likelihood of criminals looking to extort money from Australian businesses?