Two ransomware strains have been modified to exploit vulnerabilities in the VMware ESXi hypervisor that were disclosed last week, and to encrypt virtual machines (VMs).
VMware fixed three critical bugs in its virtualization products last week. These included a heap buffer overflow in the ESXi bare-metal hypervisor, as well as a bug that could have allowed hackers to run commands on the operating system underlying vCenter Server.
Researchers at CrowdStrike have since learned that two groups, known as “Carbon Spider” and “Sprite Spider”, have updated their weapons to specifically target the ESXi hypervisor as a result of these revelations. In the past, these groups targeted Windows systems rather than Linux installations in their large-scale ransomware campaigns, also known as Big Game Hunting (BGH).
The attacks were successful. Affected victims, including organizations that are using virtualization to host many of their business systems on one …