The ESXi ransomware attack wave: when did it hit?
On February 3rd, 2023, CERT-FR, part of the National Agency for the Security of Information Systems (ANSSI), detected a significant ransomware attack wave. The IT community believes this wave leverages the CVE-2021-21974 vulnerability to deploy an ESXi ransomware. This article compiles information from the cybersecurity sphere and offers insights on detecting and neutralizing this threat.
How is this ESXi ransomware spreading?
According to available information, this ransomware spreads using the CVE-2021-21974 vulnerability, published and fixed in February 2021.
According to CERT-FR, another CVE is being used: CVE-2020-3992, published and fixed on October 20, 2020. Its principle is similar to that of CVE-2021-21974, so we will focus on the latter.