Companies in Europe and the US using barebones servers with VMware software particularly badly hit in ESXiArgs attack, as hackers target cloud vulnerability
Nearly 5,000 companies across Europe and the US have been hit by a ransomware attack called ESXiArgs, named after the cloud software loophole it exploits.
The ESXiArgs ransomware attack has become one of the most widespread on record, with hackers – nicknamed the Nevada Group – making ransom demands for as little as two bitcoins ($50,000).
ESXiArgs, which began three weeks ago according to the Financial Times, exploits a vulnerability in a piece of code that is supplied by US cloud software group VMware and is ubiquitous in cloud servers.
French companies have been particularly badly hit, with 2,000 blindsided by ransomware demands.
Companies that used to keep data onsite with physical servers and simply copied that data into the cloud while keeping their physical servers running are most affected.
These older servers are mostly hosted on the cheapest service sold by Europe’s biggest cloud provider, OVHcloud, and accessed using VMware’s product.
OVHcloud said it was providing technical support to its customers and co-operating with law enforcement.
The compromised OVHcloud servers were rented by customers opting for “bare-metal servers” – essentially mirror copies of the data companies used to keep on-site, without any additional overlaid cybersecurity – which means they will have to be individually patched. This can take anywhere from a couple of hours to two days, according to one anonymous IT expert interviewed by the newspaper.
The Nevada Group hackers are thought to be a mixture of Russian and Chinese criminals working together.
CyberCube, a cyber risk analytics company, has said up to 70,000 outdated VMware ESXi servers could be hit as part of this ransomware campaign.
Ransomware attacks on the increase
The ESXiArgs attack comes at a time of rising ransomware attacks over the past 12 months. According to cloud security provider Hornetsecurity, one in five of all reported ransomware attacks have come in the past year, mostly from phishing expeditions.
And of those who have been attacked, roughly 7 per cent paid the ransom and 14 per cent lost data.
What to do if you’ve been hacked
VMware has published a blog offering advice on what to do if you’ve been hit in an ESXiArgs attack.