Bad news for those who run VMware, as if they needed any more bad news that’s VMware related. Researchers at Trend Micro have discovered a Linux based malware that targets VMware ESXi servers:
We recently observed multiple Linux-based ransomware detections that malicious actors launched to target VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs) that share the same hard drive storage. We encountered Cheerscrypt, a new ransomware family, that has been targeting a customer’s ESXi server used to manage VMware files.
Here’s why this is dangerous. It makes the job of ransomware attackers far easier because they can encrypt the VMware ESXi server and then encrypt every guest VM it contains. In effect it’s one shot pwnage for a threat actor. And that can be catastrophic for an enterprise. There’s really no specific mitigation strategies that are offered up by Trend Micro, but I have one. Have multiple backups and snapshots and store them off line so that they can’t get pwned. Also do regular test recoveries because Backus mean nothing if you can’t use them to recover from something like this.
Related
This entry was posted on May 29, 2022 at 3:13 pm and is filed under Commentary with tags Trend Micro, VMWare. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Trend Micro Discovers Linux Based Malware That Targets VMware Servers
Bad news for those who run VMware, as if they needed any more bad news that’s VMware related. Researchers at Trend Micro have discovered a Linux based malware that targets VMware ESXi servers:
We recently observed multiple Linux-based ransomware detections that malicious actors launched to target VMware ESXi servers, a bare-metal hypervisor for creating and running several virtual machines (VMs) that share the same hard drive storage. We encountered Cheerscrypt, a new ransomware family, that has been targeting a customer’s ESXi server used to manage VMware files.
Here’s why this is dangerous. It makes the job of ransomware attackers far easier because they can encrypt the VMware ESXi server and then encrypt every guest VM it contains. In effect it’s one shot pwnage for a threat actor. And that can be catastrophic for an enterprise. There’s really no specific mitigation strategies that are offered up by Trend Micro, but I have one. Have multiple backups and snapshots and store them off line so that they can’t get pwned. Also do regular test recoveries because Backus mean nothing if you can’t use them to recover from something like this.
Share this:
Like this:
Related
This entry was posted on May 29, 2022 at 3:13 pm and is filed under Commentary with tags Trend Micro, VMWare. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.