Nearly 5,000 businesses hit by ESXiArgs ransomware attack

Companies in Europe and the US using barebones servers with VMware software particularly badly hit in ESXiArgs attack, as hackers target cloud vulnerability

Nearly 5,000 companies across Europe and the US have been hit by a ransomware attack called ESXiArgs, named after the cloud software loophole it exploits.

The ESXiArgs ransomware attack has become one of the most widespread on record, with hackers – nicknamed the Nevada Group – making ransom demands for as little as two bitcoins ($50,000).

ESXiArgs, which began three weeks ago according to the Financial Times, exploits a vulnerability in a piece of code that is supplied by US cloud software group VMware and is ubiquitous in cloud servers.

French companies have been particularly badly hit, with 2,000 blindsided by ransomware demands.

Companies that used to keep data onsite with physical servers and simply copied that data into the cloud while keeping their physical servers running are most affected.

These older servers are mostly hosted on the cheapest service sold by Europe’s biggest cloud provider, OVHcloud, and accessed using VMware’s product.

OVHcloud said it was providing technical support to its customers and co-operating with law enforcement.

The compromised OVHcloud servers were rented by customers opting for “bare-metal servers” – essentially mirror copies of the data companies used to keep on-site, without any additional overlaid cybersecurity – which means they will have to be individually patched. This can take anywhere from a couple of hours to two days, according to one anonymous IT expert interviewed by the newspaper.

The Nevada Group hackers are thought to be a mixture of Russian and Chinese criminals working together.

CyberCube, a cyber risk analytics company, has said up to 70,000 outdated VMware ESXi servers could be hit as part of this ransomware campaign.

Ransomware attacks on the increase

The ESXiArgs attack comes at a time of rising ransomware attacks over the past 12 months. According to cloud security provider Hornetsecurity, one in five of all reported ransomware attacks have come in the past year, mostly from phishing expeditions.

And of those who have been attacked, roughly 7 per cent paid the ransom and 14 per cent lost data.

What to do if you’ve been hacked

VMware has published a blog post offering advice on what to do if you’ve been hit by an ESXiArgs attack.



Tim Adler

Tim Adler is group editor of Small Business, Growth Business and Information Age. He is a former commissioning editor at the Daily Telegraph, who has written for the Financial Times, The Times and the...