VMware vulnerability causes increase in ransomware attacks


Corporate networks should be aware that ransomware operators have been seen exploiting vulnerabilities in VMware ESXi software.

The RansomExx gang has been seen exploiting CVE-2019-5544 and CVE-2020-3992 in the virtualization software to infect machines on the network with file-encrypting malware.


Companies using the software are therefore being asked to keep a close watch on their virtual machines, which are at risk of being encrypted soon.

According to an analysis posted on Reddit by a security researcher named Kevin, the vulnerability has been in the wild since October. The hackers use the bugs to abuse the Service Location Protocol (SLP): an attacker sends malicious SLP requests to a VMware ESXi device to take control of it.

Sources reporting to Cybersecurity Insiders state that the same exploit is being used by those spreading Babuk Locker ransomware, which was recently confirmed by Tokyo-based intelligence firm KELA.

Storage admins who monitor the storage space allocated to virtual machines are therefore advised to keep their ESXi systems updated with the latest security fixes, to use SLP only when required, and to keep it disabled at other times.
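A way to check the "SLP disabled unless required" advice on a host, as an added example that is not part of the original article or of VMware's tooling: the function classifies SLP exposure from the output of two ESXi shell commands. The function names and the sample outputs are constructed for illustration; real column spacing may differ, which is why the parsing is whitespace-tolerant.

```shell
#!/bin/sh
# Inputs are the text of two commands run in the ESXi shell:
#   chkconfig --list
#   esxcli network firewall ruleset list
# The sample outputs below are constructed, not captured from a real host.
SAMPLE_CHKCONFIG='ntpd                    off
slpd                    on
sfcbd-watchdog          on'
SAMPLE_RULESET='Name       Enabled
---------  -------
sshServer     true
CIMSLP        true'

# slp_state CHKCONFIG_TEXT RULESET_TEXT
# Prints: exposed | partial | disabled | unknown
slp_state() {
    svc=$(printf '%s\n' "$1" | awk '$1 == "slpd"   { print $2; exit }')
    fw=$(printf '%s\n' "$2"  | awk '$1 == "CIMSLP" { print $2; exit }')
    case "$svc/$fw" in
        on/true)           echo exposed ;;   # starts at boot, firewall open
        off/false)         echo disabled ;;  # both controls closed
        on/false|off/true) echo partial ;;   # one control is still open
        *)                 echo unknown ;;   # missing or unexpected output
    esac
}

# remediation STATE
# Prints the ESXi shell commands that stop slpd, close its firewall
# ruleset, and keep the service from starting at boot.
remediation() {
    case "$1" in
        exposed|partial)
            echo "/etc/init.d/slpd stop"
            echo "esxcli network firewall ruleset set -r CIMSLP -e 0"
            echo "chkconfig slpd off"
            ;;
        disabled) ;;  # nothing to do
        *) echo "# state unknown: collect both command outputs again" ;;
    esac
}

state=$(slp_state "$SAMPLE_CHKCONFIG" "$SAMPLE_RULESET")
echo "SLP state: $state"
remediation "$state"
```

A "partial" result matters in practice: a host with the service switched off but the CIMSLP ruleset still open is exposed again as soon as slpd is restarted for a legitimate task and not stopped afterwards.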

Previously, ransomware gangs such as Ragnar Locker and Maze were found to exploit Windows in virtual machines by other means. Now the news is out that threat actors are also targeting VMs by exploiting vulnerabilities in VMware software.

Note: Ransomware is a kind of malware that locks down the database from access until a ransom is paid.