Ransomware attack on servers with VMware ESXi installed!

Data centers have been going through a difficult period lately. Many servers around the world were attacked through a vulnerability in VMware ESXi, the virtualization platform VMware develops for managing and provisioning virtual machines.

This alarming event has both a good and a bad side. The remote code execution vulnerability used to install ransomware on the servers was disclosed two years ago; in other words, the affected servers are those that never received the patch released for it.

Attack on vulnerable VMware ESXi servers!

The server owners who fell victim to the attack both asked for help and shared details of the attack in the threads they opened on forums. The ransomware was found to encrypt .vmxf, .vmx, .vmdk, .vmsd and .nvram files on the ESXi servers it infiltrated.

While some users claimed that their data was stolen, one affected user stated on the BleepingComputer forums that this was not the case:

“Our research determined that the data was not leaking. In our case, over 500GB of data was available on the hacked machine, but typical daily use was only at the 2Mbps level. We looked at traffic statistics for the last 90 days and found no evidence of outbound data.”

In addition, files named “ransom.html” and “How to Restore Your Files.html” were seen on the infected servers.
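The two indicators the article gives a defender something to look for are the ransom note filenames and the list of VM file types the ransomware encrypts. The script below is an added example, not code from the article or from VMware: it walks a datastore directory, inventories files with those extensions, flags any ransom note, and applies a heuristic (an assumption of this example) that a healthy .vmx should be readable key = "value" text, so a .vmx that no longer decodes is reported as suspect. The sample datastore layout it scans is constructed inline.

```python
"""Triage a datastore for the indicators named in the article.
Added example, not the article's or VMware's code. The directory tree
is constructed here; the .vmx readability check is a heuristic."""
import os
import tempfile

# Ransom note names and encrypted file types, as reported in the article.
RANSOM_NOTES = {"ransom.html", "How to Restore Your Files.html"}
TARGET_EXTS = {".vmxf", ".vmx", ".vmdk", ".vmsd", ".nvram"}


def vmx_looks_valid(path):
    """Heuristic (assumption): a healthy .vmx is ASCII text made of
    key = "value" lines. A file that fails to decode, or contains no
    such lines, is treated as possibly encrypted."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(4096).decode("ascii")
    except (UnicodeDecodeError, OSError):
        return False
    return any("=" in line for line in text.splitlines())


def scan_datastore(root):
    """Walk a datastore tree and return a triage report."""
    report = {
        "ransom_notes": [],
        "vm_files": {ext: [] for ext in sorted(TARGET_EXTS)},
        "suspect_vmx": [],
    }
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name in RANSOM_NOTES:
                report["ransom_notes"].append(path)
            ext = os.path.splitext(name)[1].lower()
            if ext in TARGET_EXTS:
                report["vm_files"][ext].append(path)
                if ext == ".vmx" and not vmx_looks_valid(path):
                    report["suspect_vmx"].append(path)
    return report


def build_sample_datastore():
    """Constructed sample: one healthy VM directory (web01) and one (db01)
    showing the indicators: a ransom note and a .vmx that is no longer text."""
    root = tempfile.mkdtemp(prefix="datastore-")
    good = os.path.join(root, "web01")
    bad = os.path.join(root, "db01")
    os.makedirs(good)
    os.makedirs(bad)
    with open(os.path.join(good, "web01.vmx"), "w") as fh:
        fh.write('.encoding = "UTF-8"\nconfig.version = "8"\n')
    with open(os.path.join(good, "web01.vmdk"), "w") as fh:
        fh.write("# Disk DescriptorFile\n")
    with open(os.path.join(bad, "db01.vmx"), "wb") as fh:
        fh.write(os.urandom(512))  # stands in for an encrypted config
    with open(os.path.join(bad, "db01.nvram"), "wb") as fh:
        fh.write(os.urandom(64))
    with open(os.path.join(bad, "How to Restore Your Files.html"), "w") as fh:
        fh.write("<html>constructed note</html>\n")
    return root


def summarize(report):
    """Return (ransom notes found, suspect .vmx files, VM files inventoried)."""
    total = sum(len(paths) for paths in report["vm_files"].values())
    return len(report["ransom_notes"]), len(report["suspect_vmx"]), total


if __name__ == "__main__":
    result = scan_datastore(build_sample_datastore())
    print(summarize(result))  # (1, 1, 4) on the constructed sample
```

On a real host the root would be the datastore mount rather than the constructed sample, and the inventory of .vmdk and .nvram files gives a baseline for working out which VMs still have intact descriptors and configs before any restore attempt.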
