UPCOMING EVENT

Let's Meet during iFX EXPO International 2024 in Limassol, Cyprus (18-20 June)

Book a Meeting
  • +357 2425 0808
  • Login
  • English

Home

Blog

New Ransomware Targets VMware ESXi Serve...

New Ransomware Targets VMware ESXi Servers as of 3rd Feb 2023 – FIX Available

New Ransomware Targets VMware ESXi Servers as of 3rd Feb 2023 – FIX Available

NetShop ISP

NetShop ISP · Blog Author

Feb 04, 2023 · Security

NetShop ISP’s infrastructure security team has been informed about a new ransomware released today, 3rd of February 2023, affecting thousands of VMware ESXi servers around the world.

The attack affects VMware ESXi servers running on versions 7.0u3i and lower. As per cyber security experts announcement, a ransomware group is responsible for these attacks in Europe and worldwide, using CVE-2021-21941 vulnerability to target and compromise ESXi servers.

Whilst investigations are still on going, it is almost certain that the OpenSLP port (427) is being used by the attackers to gain access on the server and encrypt the Virtual Machines disks.

How To Protect ESXi Server from New Ransomware

Here is a quick check list of what you need to do to ensure your ESXi server remains intact from this ransomware attack.

  1. Disable the Openslpd service or restrict access to trusted IP addresses
    Read this VMware Knowledgebase Article on how to do this.
  2. Disable SSH service and Console Shell services
    To do so, login to ESXi Web UI, navigate to Host > Actions >Services.
  3. Update ESXi with the latest security patches available
  4. Disable any unnecessary services running on the ESXi server or restrict access to trusted IPs only
    To do so, login to ESXi Web UI, navigate to Manage > Services.

How To Recover ESXi VMs from Latest Ransomware

NetShop ISP customers with fully managed servers have not been affected as we have already in place those security best practices that help preventing such incidents.

Until a few hours ago, a handful of customers with self-managed ESXi servers reported to our support team they have been affected with this Ransomware. NetShop ISP’s infrastructure engineers have been able to mitigate the situation, recover the encrypted disks and make the VMs back online.

Need Help? We Can Help!

If you are an existing customer affected by this Ransomware please send a ticket/email to support at netshop-isp . com . cy. Our engineers are 24×7 online to assist you.

If you are NOT an existing customer and need NetShop ISP team’s help to resolve this, please send an email to customercare at netshop-isp . com . cy. We will get back to you promptly and help you recover your ESXi Server.

Please monitor this blog article as we will be publishing updates related to this matter.

Press Releases
74

Free VPS Trial

No Credit Card Required.

Recent Posts

MT5 Access Server for Forex Brokers: Virtual vs. Dedicated

MT5 Access Server for Forex Brokers: Virtual vs. Dedicated

14 June, 2024

How To Extend Root Partition using Home Partition space in CentOS

How To Extend Root Partition using Home Partition space in CentOS

30 May, 2024

NetShop ISP to Attend iFX EXPO International 2024 and Announce Global Infrastructure Expansion

NetShop ISP to Attend iFX EXPO International 2024 and Announce Global Infrastructure Expansion

23 May, 2024

TNFX Broker Partners with NetShop ISP to Offer Low-Latency Forex VPS to Traders

TNFX Broker Partners with NetShop ISP to Offer Low-Latency Forex VPS to Traders

14 May, 2024

How to Install Nginx, MySQL, PHP on Ubuntu 22.04 (LEMP)

How to Install Nginx, MySQL, PHP on Ubuntu 22.04 (LEMP)

10 May, 2024

#letushostyou

Award Winning Hosting Provider established in 2004.

120 Faneromenis Avenue, Imperial Tower, 2nd Floor, Larnaca 6031, Cyprus

Products

Bare Metal Servers

Customized Servers

Virtual / Cloud Servers

Forex VPS

Storage VPS

cPanel Web Hosting

Reseller Web Hosting

Colocation

Addons

Premium DNS

Email Hosting

Cloud Backup

DDoS Protection

Licenses

SSL Certificates

Domain Names

Premium SLAs

About Us

Data Center Locations

Looking Glass

Our Company

Contact Us

Careers in Cyprus

Become a Partner

Awards

Certifications

© 2024 S.S. NetShop Internet Services Ltd. All rights reserved.  Terms & Conditions  |  Privacy Policy
CY Reg. Number: HE 217340 | EU VAT Number: CY10217340J

Visa
Mastercard
PayPal
Revolut
Wire Transfer