This site uses cookies to enhance your experience.  By continuing to visit this website, you consent to the use of these cookies. Click here to learn more about our privacy policy.

{{cptGetActiveTitle}}
Security
Internet Access Gateway
NGAF Firewall Platform
Endpoint Secure
Cyber Command
Cloud Computing
Hyper Converged Infrastructure
Sangfor Cloud Platform
Infrastructure
Virtual Desktop Infrastructure
Sangfor Access
Sangfor Intelligent Edge Router
SD-WAN
WAN Optimization
Top Use Cases
Security
Cloud Computing
Top Industries
Manufacturing
Education
Finance & Banking
Government
Healthcare
ISP
Security
Botnet Detection
Engine Zero
NG WAF
Neural-X
Business Intelligence
Threat Intelligence
zSand
Cloud Computing
SRAP
Services Overview
Care Service
Case Handling
Support Plans
RMA Process
Services Policy
Privacy Policy
Support Life Cycle Policy
Warranty Policy
Support Resources
Support Community
Beta Test Program
Sangfor's Answer to COVID-19
Support Case
Tech Documents
LiveChat
FAQ
Events & Webinars
Market Activities
Online Webinars
Blog
Technology
Cyber Security
Cloud Computing and Infrastructure
IT Network Infrastructure

Beware of Ransomware Attacking Your Virtualization Environment

2021-03-22
180
Beware of Ransomware attacking your Virtualization Environment

 

Recently, two ransomware gangs, RansomExx and Darkside Group, have launched attacks against VMware ESXi environments and encrypting their virtual hard drives. A third group that operate the Babuk Locker ransomware have also threatened attacks, although none have been attributed to them yet.

 

These ransomware attacks exploit VMware vulnerabilities CVE-2019-5544 and CVE-2020-3992 by sending malicious Service Location Protocol (SLP) requests to take control of ESXi servers and encrypt the virtual hard disk files. SLP is a protocol used by devices, including ESXi servers, on the same network to discover each other. From the cases reported, most of the virtual machines cannot boot after the attack forcing critical business operations to go down. The only way to recover is to restore data from backups or create new VMs.  Currently, there is no tool to decrypt data.  

 

Security experts from Sangfor FarSight Labs recommend the following:
  1. Install VMware ESXi patches immediately and disable SLP unless necessary.
  2. Upgrade all VMware and application components as quickly as possible.
  3. Regularly backup or snapshot virtual machines. It is recommended to create a remote backup site or disaster recovery site if possible.

 

Sangfor XDDR Security Framework has already updated protections for this threat:

  1. Sangfor Endpoint Secure: update you signature database to 20210317164718 or higher. Make sure you are connected to Sangfor Neural-X.
  2. Sangfor NGAF: update your vulnerability DB to 2021-3-18 or higher. Make sure Sangfor Neural-X is connected.
  3. Sangfor Cyber Command: update to latest version and make sure Sangfor Neural-X cloud is connected

 

 

Cyber Security Feature Image

Cyber Security

Related Articles
Cyber Security Feature Image

The AI-pocalypse: Using AI to Defend Against AI
Cyber Security Feature Image

The 5G Future of IoT: Proactive Thinking Enables Proactive Network Security
Cyber Security Feature Image

The Best Things in Life are not Free
Cyber Security Feature Image

Ryuk Ransomware and You: Or I’m no fool with Cyber Insurance
Products & Services
Innovations
Support
Partners
Resources
About Us
COPYRIGHT © 2000-2021 SANGFOR TECHNOLOGIES. ALL RIGHTS RESERVED.
Sales Channel StatementLegal StatementIntegrity and Reporting Policy