CISA Releases Recovery Tool for VMware Ransomware Victims

February 8, 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new script developed to help ransomware victims recover VMware virtual machines (VMs) hit by a recent global campaign.

Ransomware payment tracker Ransomwhere estimated the number of victims at 3800, based on an “internet-wide” scanning effort on Monday. It said four payments had been made, totalling $88,000, although this is likely to underestimate the scale of the campaign.

Initial reports from national-level CERTs claimed the threat actors behind it are exploiting CVE-2021-21974, a legacy bug which allows attackers to achieve remote code execution on VMware’s ESXi hypervisors by triggering a heap-overflow issue in OpenSLP.


However, an update from VMware said “significantly out-of-date products are being targeted with known vulnerabilities,” which would suggest more than one vulnerability is being exploited.

“With this in mind, we are advising customers to upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities,” it said. “In addition, VMware has recommended disabling the OpenSLP service in ESXi. In 2021, ESXi 7.0 U2c and ESXi 8.0 GA began shipping with the service disabled by default.”

CISA has now released a tool to enable compromised customers to recover their VMs.

Based on findings by researchers Enes Sonmez and Ahmet Aykac, the script works by reconstructing VM metadata from virtual disks that were not encrypted by the ransomware.

“Any organization seeking to use CISA’s ESXiArgs recovery script should carefully review the script to determine if it is appropriate for their environment before deploying it. This script does not seek to delete the encrypted config files, but instead seeks to create new config files that enable access to the VMs,” CISA said.

“While CISA works to ensure that scripts like this one are safe and effective, this script is delivered without warranty, either implicit or explicit. Do not use this script without understanding how it may affect your system.”
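To illustrate the recovery idea described above (rebuilding the small metadata files from the large, unencrypted flat disk extents), here is an added example that is not CISA’s script or the researchers’ code. It regenerates a plain-text VMDK descriptor for a surviving `-flat.vmdk` extent from the extent’s size; the disk geometry defaults and the adapter/hardware-version values are assumptions, and the tool refuses to overwrite an existing descriptor so an operator can inspect it first.

```python
# Added illustration (not CISA's ESXiArgs recovery script): rebuild the
# descriptor for a "-flat.vmdk" extent whose small descriptor file was
# encrypted. Geometry and adapter values are assumed defaults; check them
# against a known-good descriptor from the same environment before use.
import os
import re

SECTOR = 512
HEADS, SECTORS_PER_TRACK = 255, 63  # assumed default CHS geometry


def build_descriptor(flat_name: str, size_bytes: int, hw_version: int = 14) -> str:
    """Return descriptor text that points at an existing flat extent."""
    if size_bytes <= 0 or size_bytes % SECTOR:
        raise ValueError("flat extent size must be a positive multiple of 512 bytes")
    if not flat_name.endswith("-flat.vmdk"):
        raise ValueError("expected a '-flat.vmdk' extent name")
    sectors = size_bytes // SECTOR
    cylinders = sectors // (HEADS * SECTORS_PER_TRACK)
    lines = [
        "# Disk DescriptorFile",
        "version=1",
        "CID=fffffffe",
        "parentCID=ffffffff",
        'createType="vmfs"',
        "",
        "# Extent description",
        f'RW {sectors} VMFS "{flat_name}"',
        "",
        "# The Disk Data Base",
        "#DDB",
        "",
        'ddb.adapterType = "lsilogic"',
        f'ddb.geometry.cylinders = "{cylinders}"',
        f'ddb.geometry.heads = "{HEADS}"',
        f'ddb.geometry.sectors = "{SECTORS_PER_TRACK}"',
        f'ddb.virtualHWVersion = "{hw_version}"',
        'ddb.thinProvisioned = "1"',
    ]
    return "\n".join(lines) + "\n"


def descriptor_path_for(flat_path: str) -> str:
    """Map 'vm-flat.vmdk' to its descriptor name 'vm.vmdk'."""
    return re.sub(r"-flat\.vmdk$", ".vmdk", flat_path)


def recover_descriptor(flat_path: str, overwrite: bool = False) -> str:
    """Write a rebuilt descriptor beside the flat file; never clobber silently."""
    out = descriptor_path_for(flat_path)
    if os.path.exists(out) and not overwrite:
        raise FileExistsError(f"{out} exists; inspect it before replacing")
    text = build_descriptor(os.path.basename(flat_path), os.path.getsize(flat_path))
    with open(out, "w") as fh:
        fh.write(text)
    return out
```

Run it as `recover_descriptor("/vmfs/volumes/<datastore>/<vm>/<vm>-flat.vmdk")` on a copy of the datastore directory first, then register the VM again from the rebuilt files.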



Some parts of this article are sourced from:
www.infosecurity-magazine.com
