Hi All,
We are excited to share our latest blog on ESXiArgs Ransomware by Logpoint Security Researcher, Bibek Thapa Magar.
VMware ESXi hypervisor allows organizations to host multiple virtual systems on a single physical server. A global ransomware campaign named “ESXiArgs” is targeting VMware ESXi servers and exploiting a two-year-old vulnerability (CVE-2021-21974). The involvement of other CVEs has been speculated. In October 2022, a custom python backdoor was detected on a VMware ESXi server, which could run remote commands or launch a reverse shell. This backdoor may have a role in the infection routine.
Get research and analysis, insight, plus hints and tips, on how to mitigate ESXiArgs in the main blog below.