Malware News The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,691
Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services.

Panera's massive IT outage last month that took down internal systems, the website, mobile apps, and phones was caused by a ransomware attack encrypting the company's virtual machines.

While the company has been able to restore servers from backups, it took almost a week for their systems to be restored.

Similarly, Omni Hotels suffered a massive outage, which took down the company's reservation system, phones, and door lock system. The outage was so severe that guests had to contact a hotel employee to be let into their rooms, as key cards did not work.

Omni Hotels confirmed a few days later that they suffered a cyberattack, with BleepingComputer learning that it was once again a ransomware attack encrypting the company's virtual machines. BleepingComputer has been told that Omni is restoring from backups as well.

This week, Chilean hosting provider IxMetro Powerhost also disclosed a ransomware attack where the threat actors encrypted the hosting company's VMware ESXI servers. These servers powered customers' virtual private servers (VPS), also bringing their websites down.

Unfortunately, they were not as lucky as Panera and Omni Hotels, as the threat actors also encrypted the company's backups. The threat actors behind this attack, known as SEXi, demanded two bitcoins per customer to receive a decryptor.

While virtual machine platforms, like VMware ESXi, make it much easier for enterprises to manage resources and servers, they have also become a very tempting target for ransomware gangs.

As a company's servers are now centrally located as virtual machines, threat actors can simply encrypt a single VMware server to perform massive disruption to a company's operations.

Admins must tighten security on their virtual machine platforms by applying the latest security updates to VM software and the host operating systems, using administrative credentials different from those of the Windows domain, and applying tighter access controls.

Today, the Chilean government’s CSIRT issued an advisory warning the enterprise to upgrade VMware software to the latest versions and offered advice on securing servers.

While attackers targeting virtual machines are nothing new, this week's attacks continue to show that they are critical IT systems that needs to be properly secured to prevent disastrous outages.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top