ESXi ransomware attacks
New Targets
Today, it hardly matters which operating systems are used on servers; the malware developers working in the background cover all the popular systems. Even specialist operating systems such as the VMware ESXi hypervisor have repeatedly been targeted by criminals. This article sheds light on the damage potential, pointing out ways to mitigate risk and actions to help prepare for an incident.
In many cases, you will hear about the benefits of virtualization, the added security that isolating individual machines can provide, and how easy it is to revert to previous versions at any time with snapshots. Modern ransomware, and the behavior of the groups behind it, have adapted to this kind of reasoning and to the technology behind it. Today, the malware is installed well ahead of the actual attack. The effort the attackers invest in analyzing the compromised infrastructure gives them a clear advantage: They already know all the systems; the deployed software, including the security suites and backup applications; the login data; and the employees' areas of responsibility and their vacation planning.
Attacks on Hypervisors
IT departments in enterprises of every size are trying to keep up with this professionalization on the part of the criminals. Besides handling security, they are primarily responsible for keeping the infrastructure running. In addition to the operating systems of the virtual machines (VMs), the hypervisors on which the VMs run have long been in the attackers' sights. Most recently, ransomware named Cheerscrypt [1] grabbed the limelight around the middle of last year. It is based on the Linux variant of the Babuk malware, attacks VMware ESXi servers through known vulnerabilities, and then encrypts the files used by VMware one after the other.
In this case, the attack usually occurs by way of the hypervisor guests and a vulnerability in the
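One practical defensive check that follows from the preceding paragraph is to watch the datastore for VM configuration and disk descriptor files that no longer look like the plain-text files they should be. The script below is an added example for this article, not code from the article, from VMware or from any of the ransomware families mentioned. It assumes that .vmx files begin with a `.encoding` line and that VMDK descriptor files begin with `# Disk DescriptorFile`, that binary disk extents follow VMware's `-flat`, `-delta`, `-sesparse` and `-sNNN` naming (or carry the `KDMV`/`COWD` sparse-extent magic) and must be skipped, and that a small text file that suddenly shows near-random byte entropy has been overwritten. The datastore it scans is constructed in a temporary directory.

```python
"""Datastore integrity check for VMware VM config and descriptor files.

Added example, not code from the article or from VMware. Flags text files
(.vmx, VMDK descriptors) that have lost their expected header or whose
byte entropy looks like ciphertext. Sample files are constructed inline.
"""
import math
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumed plain-text leaders of the files we care about.
EXPECTED_HEADERS = {".vmx": b".encoding", ".vmdk": b"# Disk DescriptorFile"}
# Assumed VMware naming of binary disk extents; these are raw/sparse data, not text.
BINARY_EXTENT_NAME = re.compile(r"-(flat|delta|sesparse|s\d{3})\.vmdk$", re.IGNORECASE)
# Magic of sparse extents (hosted-format VMDK); also binary, also skipped.
BINARY_EXTENT_MAGIC = (b"KDMV", b"COWD")
# Config text sits around 4-5 bits/byte; ciphertext approaches 8.
ENTROPY_THRESHOLD = 6.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def inspect_file(path: Path) -> list:
    """Return reasons `path` looks tampered with; an empty list means it looks fine."""
    expected = EXPECTED_HEADERS.get(path.suffix.lower())
    if expected is None or BINARY_EXTENT_NAME.search(path.name):
        return []
    data = path.read_bytes()
    if data[:4] in BINARY_EXTENT_MAGIC:
        return []  # binary sparse extent, not a descriptor
    reasons = []
    if not data.startswith(expected):
        reasons.append("missing expected header %r" % expected)
    entropy = shannon_entropy(data[:4096])
    if entropy > ENTROPY_THRESHOLD:
        reasons.append("high entropy %.2f bits/byte" % entropy)
    return reasons


def scan_datastore(root) -> dict:
    """Map datastore-relative paths to findings for every suspicious file."""
    root = Path(root)
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reasons = inspect_file(p)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_datastore() -> Path:
    """Constructed sample datastore (not data from a real ESXi host)."""
    root = Path(tempfile.mkdtemp(prefix="datastore-"))
    web = root / "web01"
    web.mkdir()
    (web / "web01.vmx").write_bytes(
        b'.encoding = "UTF-8"\nconfig.version = "8"\ndisplayName = "web01"\n')
    (web / "web01.vmdk").write_bytes(
        b'# Disk DescriptorFile\nversion=1\nRW 2097152 VMFS "web01-flat.vmdk"\n')
    # Raw disk extent: legitimately high entropy, must not be flagged.
    (web / "web01-flat.vmdk").write_bytes(bytes(range(256)) * 4)
    db = root / "db01"
    db.mkdir()
    # Config file overwritten with ciphertext-like bytes: the case to catch.
    (db / "db01.vmx").write_bytes(bytes(range(256)) * 16)
    (db / "db01.vmdk").write_bytes(b"# Disk DescriptorFile\nversion=1\n")
    return root


if __name__ == "__main__":
    for rel_path, reasons in scan_datastore(build_sample_datastore()).items():
        print(rel_path, "->", "; ".join(reasons))
```

Run it against a real datastore by calling `scan_datastore("/vmfs/volumes/<datastore>")` from a host that can read the files; the header check catches a renamed or overwritten file even when the ciphertext has been padded to lower its entropy, and the entropy check catches a file that was overwritten but happens to keep a plausible leading line.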