CyberCube identifies potential ransomware targets

On February 16, San Francisco, CA-based CyberCube, provider of cyber risk analytics, announced that it has identified companies at risk of attack in a new ransomware campaign impacting thousands of businesses globally.

The automated ransomware campaign called ESXiArgs is targeting outdated VMware ESXi servers globally. Starting on Feb 9, 2023, the cybersecurity community reported threat actors successfully improving their attacks. The campaign encrypts configuration files on vulnerable ESXi servers, potentially rendering clients’ virtual machines (VMs) unusable. Internet-wide scans within days after the first reports surfaced showed a rapid infection rate with over 2,000 servers infected.

According to the research “CyberCube Briefing: Ransomware Risks & VMware Servers”, up to 70,000 ESXi hypervisors globally could become vulnerable. CyberCube has analyzed companies in its Industry Exposure Database (IED) to identify organizations running VMware ESXi hypervisors that could be vulnerable to the ESXiArgs ransomware.

William Altman, CyberCube’s cyber threat intelligence principal, said, “Large US-based insureds operating in banking, education, manufacturing, non-profit, aviation, and agriculture are at higher risk of being attacked by threat actors leveraging vulnerabilities in ESXi hypervisors compared to insureds operating in other industries. Large insureds ($1 billion-plus revenue) are at greater risk than medium, small, or micro-sized insureds. Large-sized companies are more likely to require the use of hypervisors and virtual machines as the foundation for the large-scale deployment of cloud computing and cloud storage resources.”

Yvette Essen, CyberCube’s Head of content, communications and creative, said, “The majority of impacted ESXi servers are in France and Germany. Cybersecurity agencies in other countries, including Singapore, have also raised alarms. At least a dozen universities have been reported to be impacted, including the Georgia Institute of Technology in Atlanta, Rice University in Houston, and institutions of higher learning in Hungary and Slovakia. Florida’s Supreme Court has also stated that it was impacted by ESXiArgs ransomware.”

Source: CyberCube

Like IC News? Then please consider subscribing. You’ll get full access to our searchable library of 10,000+ articles, plus new articles each weekday.