VMware ESXi servers vulnerable to Akira ransomware

VMware ESXi servers vulnerable to Akira ransomware

VMware ESXi servers worldwide fall prey to Akira ransomware. These VMware virtual machines are a popular target for cybercriminals.

Through a Linux encryptor, cybercriminals can infect ESXi servers with the Akira ransomware. Companies around the world are vulnerable to the attack. Victims can no longer access their files and are asked to transfer money to get the files released again. In addition, the hackers steal sensitive data, which they threaten to make public.

VMware’s ESXi servers have been attacked more frequently in recent years via Linux encryptors. This method gained popularity after the company switched to virtual machines for servers. For this, the company looked at the positive side of the switch, such as better device management and efficient use of resources.

For hackers, servers are popular because they can spread ransomware at a high rate. It only takes hackers one run, which makes the ransomware attack tremendously fast for a change. Moreover, ESXi servers are popular in the enterprise world; they are among the most widely used hypervisors worldwide. Finally, there is a lack of security solutions for the devices. A previously published report by CrowdStrike pointed out that antivirus software is simply unsupported.

In February, thousands of attacks on ESXi servers occurred within a single weekend. Hackers exploited a two-year-old vulnerability for the attack.

Cybersecurity research tries to avoid such problems but does not always succeed. Research is time-consuming and not always easy, which is precisely why good cyber security for servers is important. In 2022, Mandiant did manage to expose a problem that had not yet been massively exploited.