ZDNet warns that at least one hack group is using vulnerabilities in VMware ESXi to…
Sophos notes that this was one of the fastest attacks it has investigated: about three hours passed between the initial compromise and the deployment of the ransomware script.
The attackers compromised the victim's network on a weekend night by logging into a TeamViewer account running on a device with domain administrator rights. Once inside, they searched for additional targets with Advanced IP Scanner and logged into the ESXi server through the built-in ESXi Shell SSH service, which had accidentally been left enabled (it is disabled by default). The ransomware operators then executed a 6Kb Python script to encrypt the virtual disks and configuration files of all virtual machines.
[Image: ransomware note from cybercriminals]
Bleeping Computer notes that this is not the first time an attack on ESXi servers has occurred.
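The attack relied on an ESXi Shell SSH service that had been left enabled. The following audit is an added example, not taken from the Sophos report: it lists every host where ESXi Shell or SSH is running or set to start, assuming VMware PowerCLI is installed and a `Connect-VIServer` session to vCenter is already open; the `$Remediate` switch is a name chosen for this example.

```powershell
# Added example: find ESXi hosts where ESXi Shell or SSH is exposed.
# Assumes VMware PowerCLI and an existing Connect-VIServer session.

$Remediate = $false              # example switch: set to $true to stop and disable
$shellKeys = 'TSM', 'TSM-SSH'    # TSM = ESXi Shell, TSM-SSH = SSH

# Collect each shell service that is running now or would start later.
$findings = foreach ($vmhost in Get-VMHost) {
    Get-VMHostService -VMHost $vmhost |
        Where-Object {
            $_.Key -in $shellKeys -and ($_.Running -or $_.Policy -ne 'off')
        }
}

if (-not $findings) {
    Write-Output 'ESXi Shell and SSH are stopped and disabled on all hosts.'
    return
}

# Report: one row per exposed service.
$findings |
    Select-Object @{ Name = 'Host'; Expression = { $_.VMHost.Name } },
                  Key, Label, Running, Policy |
    Format-Table -AutoSize

if ($Remediate) {
    foreach ($svc in $findings) {
        # Stop the service if it is running, then keep it from starting again.
        if ($svc.Running) {
            Stop-VMHostService -HostService $svc -Confirm:$false | Out-Null
        }
        Set-VMHostService -HostService $svc -Policy Off | Out-Null
    }
    Write-Output "Stopped and disabled $(@($findings).Count) service(s)."
}
```

Running it on a schedule and alerting on any non-empty result catches a shell that was enabled for maintenance and never switched off again.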
Let me remind you that we also reported that spammers flooded the PyPI repository with links to pirated movies.