Comment: widespread ransomware attack on vulnerable VMware ESXi installations
February 2023 by Stefan van der Wal, Consulting Solutions Engineer, EMEA, Application Security, Barracuda Networks
In response to the news of a widespread ransomware attack on vulnerable VMware ESXi installations, Stefan van der Wal, Consulting Solutions Engineer, EMEA, Application Security, Barracuda Networks, commented:
“The reported widespread ransomware attacks against unpatched VMware ESXi systems in Europe and elsewhere appear to have exploited a vulnerability for which a patch was made available in 2021 – and this highlights how important it is to update key software infrastructure systems as quickly as possible. It isn’t always easy for organizations to update software. In the case of this patch, for example, organizations need to disable temporarily essential parts of their IT infrastructure. But it is far better to face that than to be hit by a potentially damaging attack.
“Securing virtual infrastructure is vital. Virtual machines can be attractive targets for ransomware since they often run business-critical services or functions – and a successful attack could cause extensive disruption. It is particularly important to ensure that access to a virtual system’s management console is secured and can’t be easily accessed through a compromised account on the corporate network, for example.
“To fully protect virtual infrastructure, it is important to segregate it from the rest of the business network, ideally as part of a Zero Trust approach. Organizations deploying ESXi should update immediately to the latest version, if they haven’t already done so – and also do a full security scan of the servers to ensure they haven’t been compromised.”