Over the weekend, several thousand computer systems around the world were hacked and blocked with the ransomware trojan ESXiArgs, which became widespread due to a two-year-old vulnerability in VMware server software. reported Bloomberg resource.
Accordingly Data Search engine Censys, the refers Resource Bleeping Computer, as a result of hacking more than 3200 VMware servers worldwide were compromised. The computer systems most affected by the ransomware virus were located in France, followed by the United States, Germany, Canada, and the United Kingdom.
VMware representative Doreen Ruyak informed TechCrunch that a ransomware variant called ESXiArgs “appears to exploit a vulnerability identified as CVE-2021-21974”. She noted that fixes were made for this vulnerability “were made available to customers two years ago in the VMware Security Advisory dated February 23, 2021.”
“Security hygiene is a key component in preventing ransomware attacks, and organizations running versions of ESXi affected by CVE-2021-21974 that have not yet applied the patch should take the actions outlined in the bulletin.” Doreen Ruyak added.
The infected computers represent just a small portion of the more than 66,000 internet-connected servers that could be potential targets, said Patrice Auffret, founder and CEO of French cybersecurity firm Onyphe SAS.
According to security experts, it remains unclear whether the campaign is connected to a ransomware attack on the networks of the British company ION Trading UK, which paralyzed derivatives trading worldwide last week and was carried out by the notorious hacker group LockBit.