Agenda Ransomware Targeting VMware and 17k Microsoft Exchange servers vulnerable to cyber attacks

Agenda Ransomware targets VMware servers

A new variant of the Agenda ransomware has surfaced that targets VMware ESXi servers worldwide. The family itself is not new: it has been active since 2022, and this latest variant is drawing concern among security researchers because of its focus on hypervisors.

Also tracked as Qilin (the threat actor behind it is tracked by Trend Micro as Water Galura), this file-encrypting malware has primarily targeted servers in critical sectors such as manufacturing, healthcare and education. Victims have been reported in Canada, Argentina, the United States, Australia, Colombia, Indonesia and India.

Trend Micro's analysis describes the modus operandi. The operators abuse remote monitoring and management (RMM) tools and the Cobalt Strike post-exploitation framework (a command-and-control toolkit rather than an RMM tool) to gain a foothold. Once inside, they profile the compromised host before deploying the ransomware payload, with a particular focus on VMware vCenter and ESXi servers.

Security analysts stress that organizations must remain vigilant. Key measures include closely monitoring the use of administrative privileges (on vCenter and ESXi as well as on Windows hosts), keeping software patched, running regular system scans, and educating employees about emerging risks. Maintaining offline or otherwise tamper-resistant backups and defending proactively against social engineering are also strongly advised.

It is also time to dispel the misconception that ransomware is confined to Windows environments. Hypervisors and Linux hosts are just as exposed, as Agenda's ESXi targeting demonstrates.

Over 17,000 Microsoft Exchange Servers in Germany are vulnerable to Cyber Attacks

According to a statement released by the German Federal Office for Information Security (BSI), over 12% of the approximately 45,000 Microsoft Exchange servers in Germany are deemed vulnerable to cyber attacks. The BSI attributes this to outdated software and hardware, some of it 8-10 years old and no longer supported.

The root cause is the absence of security updates on these servers, many of which run versions that are at or near end of support. Software vendors are responsible for issuing security patches, but the onus also falls on the individuals and organizations operating the servers to deploy those updates in their environments. Auto-update offers a convenient solution, yet some administrators opt for manual update procedures out of security concerns; whatever the reason, a server that is not patched stays exposed to every publicly known vulnerability in its build.
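The BSI figures come from classifying internet-reachable Exchange servers by the build they expose. The following Python script, an added example and not the BSI's or Microsoft's own tooling, shows how such a survey works: it pulls the Exchange build out of the `X-OWA-Version` header or the versioned `/owa/auth/<build>/` resource paths in the OWA login page, and classifies it as end-of-support, outdated, or current. The hostnames and HTTP responses are constructed, and the minimum-build thresholds for Exchange 2016 (15.1) and 2019 (15.2) are assumptions for illustration; replace them with the values from Microsoft's Exchange build-number table. Exchange 2010 (14.x) and 2013 (15.0.x) no longer receive security updates at all.

```python
"""Classify Microsoft Exchange servers by the build number they expose over HTTP.
Added example with constructed data; the CU thresholds below are assumptions."""
import re

# ASSUMED minimum CU builds for supported product lines (illustrative; take the
# real values from Microsoft's Exchange build-number table before relying on them).
ASSUMED_MIN_BUILD = {
    (15, 1): (15, 1, 2507),   # Exchange 2016, assumed to be CU23
    (15, 2): (15, 2, 1544),   # Exchange 2019, assumed to be CU14
}
# Product lines with no security updates at all: Exchange 2010 (14.x), 2013 (15.0.x).
END_OF_SUPPORT = {(14,), (15, 0)}

# Exchange builds look like 15.2.1544.4 (or 15.2.1544 in resource paths).
VERSION_RE = re.compile(r"(?<![\d.])(1[45](?:\.\d+){2,3})(?!\d)")
PATH_RE = re.compile(r"/(?:owa/auth|ecp)/(1[45](?:\.\d+){2,3})/")


def _to_tuple(text):
    return tuple(int(p) for p in text.split("."))


def extract_build(headers, body):
    """Return the Exchange build as a tuple of ints, or None if nothing is exposed."""
    # Prefer the explicit X-OWA-Version header when the server sends it.
    for name, value in headers.items():
        if name.lower() == "x-owa-version":
            m = VERSION_RE.search(value)
            if m:
                return _to_tuple(m.group(1))
    # Otherwise fall back to versioned static-resource paths in the OWA/ECP HTML.
    m = PATH_RE.search(body)
    return _to_tuple(m.group(1)) if m else None


def classify(build):
    """end-of-support / outdated / current / unknown for a build tuple."""
    if build is None:
        return "unknown"
    if build[:1] in END_OF_SUPPORT or build[:2] in END_OF_SUPPORT:
        return "end-of-support"
    floor = ASSUMED_MIN_BUILD.get(build[:2])
    if floor is None:
        return "unknown"
    # Compare major.minor.CU only: the visible path often omits the SU component,
    # so this is a floor on patch level, not proof that the latest SU is installed.
    return "current" if build[:3] >= floor else "outdated"


# Constructed responses standing in for real scan results (not real hosts).
SAMPLES = {
    "mail.example.test": ({"X-OWA-Version": "15.2.1544.4"}, "<html></html>"),
    "lagging.example.test": ({}, '<link href="/owa/auth/15.1.2375/themes/resources/favicon.ico">'),
    "legacy.example.test": ({}, '<link href="/owa/auth/15.0.1497/themes/resources/favicon.ico">'),
    "ancient.example.test": ({}, '<script src="/owa/auth/14.3.123/scripts/premium/flogon.js">'),
    "silent.example.test": ({"Server": "Microsoft-IIS/10.0"}, "<html>login</html>"),
}


def survey(samples):
    """Map each host to its classification."""
    return {host: classify(extract_build(h, b)) for host, (h, b) in samples.items()}


def exposure_report(samples):
    """Count hosts per class and the share that is end-of-support or outdated."""
    counts = {}
    for state in survey(samples).values():
        counts[state] = counts.get(state, 0) + 1
    exposed = counts.get("end-of-support", 0) + counts.get("outdated", 0)
    counts["exposed_share"] = exposed / len(samples)
    return counts


if __name__ == "__main__":
    for host, state in survey(SAMPLES).items():
        print(f"{host:24s} {state}")
    print(exposure_report(SAMPLES))
```

The share reported for real scans depends entirely on the thresholds in `ASSUMED_MIN_BUILD` being current, so refresh them with each Exchange CU release; a stale table will silently reclassify outdated servers as current.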

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security