NEW LOCATION

Olá Brazil Brazil NVMe-powered VPS Plans in Brazil Now Available.

Deploy Instantly
  • +357 2425 0808
  • Login
  • English

Home

Blog

New Ransomware Targets VMware ESXi Serve...

New Ransomware Targets VMware ESXi Servers as of 3rd Feb 2023 – FIX Available

New Ransomware Targets VMware ESXi Servers as of 3rd Feb 2023 – FIX Available

NetShop ISP

NetShop ISP · Blog Author

Feb 04, 2023 · Security

NetShop ISP’s infrastructure security team has been informed about a new ransomware released today, 3rd of February 2023, affecting thousands of VMware ESXi servers around the world.

The attack affects VMware ESXi servers running on versions 7.0u3i and lower. As per cyber security experts announcement, a ransomware group is responsible for these attacks in Europe and worldwide, using CVE-2021-21941 vulnerability to target and compromise ESXi servers.

Whilst investigations are still on going, it is almost certain that the OpenSLP port (427) is being used by the attackers to gain access on the server and encrypt the Virtual Machines disks.

How To Protect ESXi Server from New Ransomware

Here is a quick check list of what you need to do to ensure your ESXi server remains intact from this ransomware attack.

  1. Disable the Openslpd service or restrict access to trusted IP addresses
    Read this VMware Knowledgebase Article on how to do this.
  2. Disable SSH service and Console Shell services
    To do so, login to ESXi Web UI, navigate to Host > Actions >Services.
  3. Update ESXi with the latest security patches available
  4. Disable any unnecessary services running on the ESXi server or restrict access to trusted IPs only
    To do so, login to ESXi Web UI, navigate to Manage > Services.

How To Recover ESXi VMs from Latest Ransomware

NetShop ISP customers with fully managed servers have not been affected as we have already in place those security best practices that help preventing such incidents.

Until a few hours ago, a handful of customers with self-managed ESXi servers reported to our support team they have been affected with this Ransomware. NetShop ISP’s infrastructure engineers have been able to mitigate the situation, recover the encrypted disks and make the VMs back online.

Need Help? We Can Help!

If you are an existing customer affected by this Ransomware please send a ticket/email to support at netshop-isp . com . cy. Our engineers are 24×7 online to assist you.

If you are NOT an existing customer and need NetShop ISP team’s help to resolve this, please send an email to customercare at netshop-isp . com . cy. We will get back to you promptly and help you recover your ESXi Server.

Please monitor this blog article as we will be publishing updates related to this matter.

Press Releases
78

Free VPS Trial

No Credit Card Required.

Recent Posts

How To Extract Certificates and Private Key from .PFX file

How To Extract Certificates and Private Key from .PFX file

19 November, 2024

NetShop ISP CEO Stefano Sordini to Moderate Key Panel on Forex AI Automation at Cyprus Fintech Summit 2024

NetShop ISP CEO Stefano Sordini to Moderate Key Panel on Forex AI Automation at Cyprus Fintech Summit 2024

15 November, 2024

Preparing for the Daylight Saving Time (DST) Change: Essential Updates for MetaTrader 4/5 Platforms

Preparing for the Daylight Saving Time (DST) Change: Essential Updates for MetaTrader 4/5 Platforms

25 October, 2024

NetShop ISP Celebrates 20 Years of Innovation and Excellence in Hosting and Data Center Solutions

NetShop ISP Celebrates 20 Years of Innovation and Excellence in Hosting and Data Center Solutions

22 October, 2024

NetShop ISP Makes Waves at Forex Expo Dubai 2024: Showcasing Cutting-Edge Hosting for the Financial Services Industry

NetShop ISP Makes Waves at Forex Expo Dubai 2024: Showcasing Cutting-Edge Hosting for the Financial Services Industry

09 October, 2024

#letushostyou

Award Winning Hosting Provider established in 2004.

120 Faneromenis Avenue, Imperial Tower, 2nd Floor, Larnaca 6031, Cyprus

Products

Bare Metal Servers

Customized Servers

Virtual / Cloud Servers

Forex VPS

Storage VPS

cPanel Web Hosting

Reseller Web Hosting

Colocation

Addons

Premium DNS

Email Hosting

Cloud Backup

DDoS Protection

Licenses

SSL Certificates

Domain Names

Premium SLAs

About Us

Data Center Locations

Looking Glass

Our Company

Contact Us

Careers in Cyprus

Become a Partner

Awards

Certifications

© 2024 S.S. NetShop Internet Services Ltd. All rights reserved.  Terms & Conditions  |  Privacy Policy
CY Reg. Number: HE 217340 | EU VAT Number: CY10217340J

Visa
Mastercard
PayPal
Bitcoin
Tether
Ethereum
Litecoin
Wise
Revolut
Wire Transfer