Security researchers have warned of two VMware ESXi hypervisor flaws that ransomware gangs are using to encrypt virtual disks.
Vulnerabilities CVE-2019-5544 and CVE-2020-3992 are present in the ESXi hypervisor, which allows multiple virtual machines (VMs) to share the same storage hardware. The flaws concern the Service Location Protocol (SLP), which lets computers and other devices find services on a local network without prior configuration.
Hackers have reportedly exploited the flaws by sending malicious SLP requests to an ESXi device and taking it over. Cybercriminals behind the RansomExx ransomware have been launching attacks since October 2020.
The cybercriminals have gained access to devices on corporate networks and are using this access as a stepping stone to attack other ESXi VMs and encrypt virtual disks.
According to a Reddit post, hackers encrypted 1,000 VMs at the Supreme Tribunal de Justica in Brazil (Brazil’s equivalent to the Supreme Court). Other…