One Article Review

The article:
Source AlienVault Lab Blog
Identifier 8319880
Publication date 2023-03-20 10:00:00 (seen: 2023-03-20 10:06:25)
Title Italian agency warns ransomware targets known VMware vulnerability
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

News broke in early February that the ACN, Italy’s National Cybersecurity Agency, issued a warning regarding a VMware vulnerability discovered two years ago. Many organizations hadn’t yet patched the issue and became the victims of a new ransomware called ZCryptor. The malicious software wreaked havoc on Italian and European businesses by encrypting users’ files and demanding payment for the data to be unencrypted.

The ACN urges VMware users to ensure their systems are backed up and updated with the most recent security patches available. With ransomware on the rise, it’s crucial that businesses take the necessary steps to protect their data and applications.

ESXiArgs ransomware attacks

Ransomware is a type of malware or malicious software that enables unauthorized users to restrict access to an organization’s files, systems, and networks. But it doesn’t stop there. In exchange for the keys to the kingdom, attackers will typically require a large sum in the form of cryptocurrency.

There are many ways that ransomware is executed on a target system. In this case, the attacker infiltrated VMware’s ESXi hypervisor code and held entire servers for ransom. According to reports, most victims were required to pay almost $50,000 USD in Bitcoin to restore access to entire business systems.

The nature of these attacks leads experts to believe that this is not the work of ransomware gangs, and is more likely being executed by a smaller group of threat actors. But that doesn’t mean the damage was any less alarming.

Exploiting known vulnerabilities

Hackers were able to infect over 2000 machines in only twenty-four hours on a Friday afternoon before the start of the weekend. But how were they able to work so fast?

As soon as software developers and providers publish fixes for specific vulnerabilities, threat actors are already beginning their plan of attack. Fortunately, the ESXiArgs vulnerability was patched two years ago (CVE-2021-21974). Organizations that have not run this patch are at risk of becoming a victim of the latest ransomware. Unfortunately, Florida’s Supreme Court, the Georgia Institute of Technology, Rice University, and many schools across Hungary and Slovakia have also become victims of this newest ransomware attack.

CISA guidance for affected systems

The US Cybersecurity and Infrastructure Security Agency (CISA) issued recovery guidance for the 3,800 servers around the world affected by the ESXiArgs ransomware attacks:

- Immediately update all servers to the latest VMware ESXi version.
- Disable Service Location Protocol (SLP) to harden the hypervisor.
- Make sure the ESXi hypervisor is never exposed to the public internet.

CISA also offers a script on its GitHub page to reconstruct virtual machine metadata from unaffected virtual disks.

What organi
Sent Yes
Tags Ransomware Malware Vulnerability Threat Patching Guideline
Rating ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.