Ransomware attacks targeting VMware ESXi infrastructure follow a set pattern, with threat actors gaining access through phishing attacks and known vulnerabilities, escalating privileges to compromise ESXi hosts or vCenter, and deploying ransomware. Organizations are advised to implement monitoring and logging, robust backup mechanisms, strong authentication measures, network restrictions, and hardening of the environment to mitigate these risks. Additionally, a campaign distributing trojanized installers for WinSCP and PuTTY via malicious ads on popular search engines has been reported, with tactical overlap with previous BlackCat ransomware attacks. New ransomware families, such as Beast, MorLock, Synapse, and Trinity, have also emerged, with the MorLock group targeting Russian companies specifically. Global ransomware attacks decreased by 15% in April 2024, with LockBit’s reign as the most victimized threat actor ending. Cybercriminals are promoting hidden virtual network computing and remote access services that could facilitate data exfiltration, malware deployment, and ransomware attacks. The rise of TMChecker is significant, lowering cost barriers for threat actors seeking high-impact enterprise access.
VMware-esxi.html”>Article Source
