AWARD WINNER

We've been recognized as "Best Hosting Provider of the Year"

Read More
  • +357 2425 0808
  • Login
  • English

Home

Blog

New Ransomware Targets VMware ESXi Serve...

New Ransomware Targets VMware ESXi Servers as of 3rd Feb 2023 – FIX Available

New Ransomware Targets VMware ESXi Servers as of 3rd Feb 2023 – FIX Available

NetShop ISP

NetShop ISP · Blog Author

Feb 04, 2023 · Security

NetShop ISP’s infrastructure security team has been informed about a new ransomware released today, 3rd of February 2023, affecting thousands of VMware ESXi servers around the world.

The attack affects VMware ESXi servers running on versions 7.0u3i and lower. As per cyber security experts announcement, a ransomware group is responsible for these attacks in Europe and worldwide, using CVE-2021-21941 vulnerability to target and compromise ESXi servers.

Whilst investigations are still on going, it is almost certain that the OpenSLP port (427) is being used by the attackers to gain access on the server and encrypt the Virtual Machines disks.

How To Protect ESXi Server from New Ransomware

Here is a quick check list of what you need to do to ensure your ESXi server remains intact from this ransomware attack.

  1. Disable the Openslpd service or restrict access to trusted IP addresses
    Read this VMware Knowledgebase Article on how to do this.
  2. Disable SSH service and Console Shell services
    To do so, login to ESXi Web UI, navigate to Host > Actions >Services.
  3. Update ESXi with the latest security patches available
  4. Disable any unnecessary services running on the ESXi server or restrict access to trusted IPs only
    To do so, login to ESXi Web UI, navigate to Manage > Services.

How To Recover ESXi VMs from Latest Ransomware

NetShop ISP customers with fully managed servers have not been affected as we have already in place those security best practices that help preventing such incidents.

Until a few hours ago, a handful of customers with self-managed ESXi servers reported to our support team they have been affected with this Ransomware. NetShop ISP’s infrastructure engineers have been able to mitigate the situation, recover the encrypted disks and make the VMs back online.

Need Help? We Can Help!

If you are an existing customer affected by this Ransomware please send a ticket/email to support at netshop-isp . com . cy. Our engineers are 24×7 online to assist you.

If you are NOT an existing customer and need NetShop ISP team’s help to resolve this, please send an email to customercare at netshop-isp . com . cy. We will get back to you promptly and help you recover your ESXi Server.

Please monitor this blog article as we will be publishing updates related to this matter.

Press Releases
65

Free VPS Trial

No Credit Card Required.

Recent Posts

NetShop ISP EMEA Tour Continues: Forex Expo 2023 in Dubai

NetShop ISP EMEA Tour Continues: Forex Expo 2023 in Dubai

25 September, 2023

How To Resolve cPanel Error “Cannot create account because it conflicts with an unmanaged MySQL database user”

How To Resolve cPanel Error “Cannot create account because it conflicts with an unmanaged MySQL database user”

13 September, 2023

NetShop ISP Triumphs as Best Hosting Provider of the Year at SiGMA CIS/Balkans Awards 2023

NetShop ISP Triumphs as Best Hosting Provider of the Year at SiGMA CIS/Balkans Awards 2023

08 September, 2023

How To Install MySQL 8.x on Windows Server 2022

How To Install MySQL 8.x on Windows Server 2022

04 September, 2023

NetShop ISP Attend iFX EXPO International 2023 in Cyprus

NetShop ISP Attend iFX EXPO International 2023 in Cyprus

28 August, 2023

#letushostyou

Award Winning Hosting Provider established in 2004.

Best iGaming Service ProviderISO Certified

120 Faneromenis Avenue, Imperial Tower, 2nd Floor, Larnaca 6031, Cyprus

Products

Bare Metal Servers

Customized Servers

Virtual / Cloud Servers

Forex VPS

Storage VPS

cPanel Web Hosting

Reseller Web Hosting

Colocation

Addons

Premium DNS

Email Hosting

Cloud Backup

DDoS Protection

Licenses

SSL Certificates

Domain Names

Premium SLAs

About Us

Data Center Locations

Looking Glass

Our Company

Contact Us

Careers in Cyprus

Become a Partner

Awards

Certifications

© 2023 S.S. NetShop Internet Services Ltd. All rights reserved.  Terms & Conditions  |  Privacy Policy
CY Reg. Number: HE 217340 | EU VAT Number: CY10217340J

Visa
Mastercard
PayPal
Bitcoin
Tether
Ethereum
Litecoin
Wise
Revolut
Wire Transfer