back to article Cheers ransomware hits VMware ESXi systems

Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months. ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The …

  1. Anonymous Coward
    Childcatcher

    Don't be complacent but ...

    "To pull this off, it appears miscreants have to achieve privileged shell access to the targeted ESXi hypervisor server, or otherwise gain the ability to run commands on the host."

    By default ssh is switched off on esxi. If you turn it on you are whinged at but you can turn the warning off.

    1. MrReynolds2U

      Re: Don't be complacent but ...

      There's both SSH and ESXi Shell (which I think is the one they are referring to).

      The article doesn't indicate whether they have compromised ESXi shell or are just using stolen credentials.

      In either case, it's best practise for both to be disabled and any UI or remote access limited by network and firewall rules. Plus if your version supports MFA, use it.

  2. Anonymous Coward
    Anonymous Coward

    Problem solved

    No longer need to hack into VMware, now that the hackers are buying it, they only have to hack Outbound.

    (in reference to Broadcom/CCP tossing cash around to buy the world + dog)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like