CERT-FR, the French Computer Emergency Response Team (CERT-FR), as well as administrators and hosting providers, have issued a warning concerning new ransomware, called ESXiArgs, that has been discovered.
This vulnerability makes it possible for the attackers to deploy the ESXiArgs ransomware, which can have serious consequences for the affected servers and the data stored on them.
It is important for administrators and hosting providers to ensure that their VMware ESXi servers are patched and up-to-date to prevent such attacks.
Recently, there has been a new ransomware attack that has caught the attention of security experts. Upon analysis of the ransom notes left behind by the attackers, it has been determined that this attack does not seem to be related to the Nevada Ransomware.
Instead, the ransom notes appear to be from a completely different, or “new,” ransomware family. This discovery highlights the ever-evolving nature of cyber threats and the need for constant vigilance and updates to security measures.
After conducting a thorough review, the analyst has determined that the data in question has not been infiltrated. The investigation was prompted by an attack on a machine with over 500 GB of data stored on it, which showed typical daily usage of only 2 Mbps.
In order to validate this conclusion, the analyst also reviewed traffic statistics for the past 90 days. No evidence was found of any outbound data transfer.
There have also been reports that victims have found ransom notes on locked systems with the names “ransom.html” and “How to Restore Your Files.html”.
There are a number of systems affected by CVE-2021-21974, including:
As a result of analyzing the script and the encryption encryptor, we have gained a deeper understanding of the attacks. There are several files that are stored in the /tmp folder when the server is hacked:-
This security breach has affected dozens of Italy organizations and caused concern among many others. The incident involved a threat to lock these organizations out of their systems, and it is likely that many of them have already been affected.
In response to this situation, many more organizations have been warned to take action in order to avoid falling victim to this attack. The widespread nature of this incident has highlighted the importance of maintaining strong security measures to protect against similar threats in the future.
Network Security Checklist – Download Free E-Book
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…