Patch your VMware ESXi
Servers running the popular
virtualization hypervisor VMware ESXi have come under attack from at least one
ransomware group over the past week, likely following scanning activity to
identify hosts with Open Service Location Protocol (OpenSLP) vulnerabilities.
Specifically, threat actors have
been taking advantage of unpatched systems vulnerable to CVE-2020-3992 and CVE-2021-21974 that, when
exploited, can allow remote code execution.
Of the incidents observed thus
far, a ransomware-as-a-service (RaaS) group known as Nevada, appears to
be responsible ― although their ransom note shares many similarities with
Cheerscrypt, a ransomware threat that targeted ESXi in early- to mid-2022.