News is breaking that cybercriminals are actively exploiting a two-year-old VMware vulnerability as part of a large-scale ransomware campaign targeting thousands of organizations worldwide. So far, more than 3,200 servers have been compromised.
VMware ESXi servers, a hypervisor platform that lets companies host several virtual machines running multiple operating systems on a single physical server, were left unpatched against a remotely exploitable bug disclosed in 2021. As a result, the exposed servers were compromised by a ransomware variant dubbed “ESXiArgs.”
U.S. cybersecurity officials have confirmed that they are investigating the ransomware campaign. Organizations in France, Germany, Canada and the U.K. have also been affected.
At this time, it is not clear who is behind the attack. Security experts from Titaniam and Cyber Security Works shared their insights on the incident and how organizations should prepare for similar threats.
Arti Raman, CEO and founder, Titaniam (she/her)
“The reality today is that cybercriminals are exploiting any vulnerability they can find to infiltrate security systems, making it a matter of ‘when’ and not ‘if’ an organization will fall victim. As ransomware gangs become more aggressive in their tactics, so must enterprises with their cybersecurity tools.
Ransomware attacks occur in three major steps: infiltration, data exfiltration and system lockup. If cyberattackers succeed at any stage, they will then have further leverage that can be used to extort the victim. Organizations can invest in and use three major legs of cybersecurity to combat these stages:
Detection and prevention technologies so that any ransomware attack can be stopped before execution or identified before major spread.
Data security tools designed to prevent large-scale data exfiltration, such as encryption-at-rest, encryption-in-transit and encryption-in-use. Encryption-in-use is a powerful and innovative security tool that can reduce ransomware, extortion and other data-related attacks.
Backup and recovery solutions can be considered a final line of defense. Should the attackers make their way inside internal systems, these can be recovered without paying expensive ransoms.
Enterprises cannot expect these solutions to work alone, however. They need all three to defend against the onslaught of ransomware attacks we will continue experiencing in 2023. By implementing this three-part defense, organizations can help to neutralize cyberattacker leverage in cases of ransomware exfiltration and extortion.”
Aaron Sandeen, CEO and co-founder of Cyber Security Works
“Organizations around the world, both public and private, have cause for concern about the latest VMware vulnerability exploits because ESXi is commonly integrated into enterprise digital infrastructure for everyday operations. Beyond the IT team, most executives and employees are unfamiliar with the underlying technical systems that power their organization. This is why a CISO is essential in documenting all technical assets to accurately communicate to leadership the level of cyber risk each opens the organization to.
Maintaining an ongoing list of technical assets helps IT teams structure their vulnerability enumeration priorities and catch vulnerabilities in their solution stack before they’re exploited by bad actors. VMware released a patch for this specific vulnerability two years ago, which highlights the necessity of constant vulnerability management.”
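The asset-inventory and patch-prioritization practice described in the statement above can be made concrete with a small triage script. This is an added example, not code from the article or from either company quoted; the host names, build numbers, the minimum-patched-build table and the inventory fields are all constructed placeholders (the article names neither the CVE nor the fixed build), so a real run would take those values from the vendor's advisory and from your own inventory export. Hosts are ranked by whether their build is below the patched floor for their release line, with exposure to the Internet and a still-listening legacy service raising the score; a release line with no known patched build is treated as the worst case rather than silently skipped.

```python
"""Rank hypervisor hosts for patching from an asset inventory.

Added example, not from the original article. Build numbers, host names and
the patched-build table are constructed placeholders; take real values from
the vendor's advisory for the vulnerability you are triaging.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Host:
    name: str
    version_line: str       # major.minor release line, e.g. "7.0"
    build: int              # vendor build number reported by the host
    internet_exposed: bool  # management/service ports reachable from the Internet
    legacy_service: bool    # an optional discovery/management service still listening


@dataclass
class Finding:
    host: str
    status: str             # "patched", "unpatched" or "unknown-line"
    score: int
    reasons: list[str] = field(default_factory=list)


# Assumed minimum patched build per release line (placeholders, not real values).
PATCHED_BUILDS = {"7.0": 19_000_000, "6.7": 17_000_000}

# Constructed inventory (placeholder hosts, not real systems).
INVENTORY = [
    Host("esx-dmz-01", "7.0", 17_500_000, internet_exposed=True, legacy_service=True),
    Host("esx-core-02", "7.0", 19_500_000, internet_exposed=False, legacy_service=False),
    Host("esx-lab-03", "6.7", 15_000_000, internet_exposed=False, legacy_service=True),
    Host("esx-old-04", "6.5", 14_000_000, internet_exposed=True, legacy_service=True),
]


def assess(host: Host, patched_builds: dict[str, int]) -> Finding:
    """Score one host: unpatched hosts get a base score, exposure adds to it.

    A release line absent from the patched-build table is scored higher than a
    known-unpatched one, because an out-of-support line cannot be patched at all.
    """
    floor = patched_builds.get(host.version_line)
    if floor is None:
        finding = Finding(host.name, "unknown-line", 12,
                          ["no patched build known for this release line; treat as unpatched"])
    elif host.build < floor:
        finding = Finding(host.name, "unpatched", 10,
                          [f"build {host.build} below patched build {floor}"])
    else:
        return Finding(host.name, "patched", 0)
    if host.internet_exposed:
        finding.score += 5
        finding.reasons.append("reachable from the Internet")
    if host.legacy_service:
        finding.score += 3
        finding.reasons.append("legacy service still listening")
    return finding


def prioritize(inventory: list[Host], patched_builds: dict[str, int] = PATCHED_BUILDS) -> list[Finding]:
    """Return findings for every host, highest patch priority first."""
    findings = [assess(h, patched_builds) for h in inventory]
    return sorted(findings, key=lambda f: (-f.score, f.host))


if __name__ == "__main__":
    for f in prioritize(INVENTORY):
        print(f"{f.host:12} {f.status:13} score={f.score:2}  " + "; ".join(f.reasons))
```

The scoring weights are deliberate choices, not a standard: the point is that an inventory which records release line, build and exposure per host is enough to turn a vendor advisory into an ordered patch queue, and that hosts whose line has no fix available surface at the top instead of disappearing from the report.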