December 9, 2023

Researchers have observed that the newly emergent MichaelKors ransomware-as-a-service operation has been targeting VMware ESXi and Linux systems since last month.

As per the report, VMware ESXi and Linux systems are similarly targeted by the ALPHV/BlackCat, ESXiArgs, LockBit, Play, Rook, Black Basta, Defray, and Rorschach ransomware gangs.

VMware ESXi Hypervisors have been increasingly attractive targets for ransomware operations due to the lack of antivirus software or third-party agent support, as well as their widespread usage, inadequate network segmentation, and numerous in-the-wild security flaws.


Part of what makes VMware ESXi hypervisors an attractive target is that the software runs directly on a physical server, granting a potential attacker the ability to run malicious ELF binaries and gain unfettered access to the machine's underlying resources.

Attackers use compromised credentials, gain elevated privileges, and then either move laterally through the network or escape the confines of the environment via known flaws to advance their motives.

VMware did note that its knowledge base article regarding antivirus and third-party agent deployment on ESXi Hypervisors is outdated and will be updated soon.

Organizations using VMware ESXi Hypervisors have been urged to restrict direct access to ESXi hosts, perform periodic ESXi datastore volume backups, activate two-factor authentication, and ensure timely security updates to prevent compromise amid the continued targeting of vulnerable instances.

This was reported by The Hacker News.
