CISA thinks it has a fix to the global ESXi ransomware attacks
Date:
Wed, 08 Feb 2023 14:40:10 +0000
Description:
Script to fix the flaw released on GitHub, automating the ransomware recovery process.
FULL STORY ======================================================================
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a script on GitHub aimed at helping the VMware ESXi ransomware attack victims rebuild their endpoints.
Thousands of VMware ESXi servers have recently been targeted across Europe
and North America, with initial reports mentioning some 500 victims, and
newer assessments putting the number at 2,800.
The unnamed attackers scanned VMware ESXi servers in search of CVE-2021-21974, a known vulnerability that was patched by the company two years ago. Those that were vulnerable ended up infected with ransomware.
Failed encryption campaign
However, the cybercrime campaign seems to have been mostly unsuccessful, as the ransomware did not encrypt flat files which hold data for virtual disks.
Two researchers from YoreGroup Tech Team found a way to use those files to rebuild virtual machines. While many were successful in using their method to recover their servers, the process is reportedly fairly complex, prompting CISA to step in and automate it with a script.
"CISA is aware that some organizations have reported success in recovering files without paying ransoms. CISA compiled this tool based on publicly available resources, including a tutorial by Enes Sonmez and Ahmet Aykac,"
the agency said. "This tool works by reconstructing virtual machine metadata from virtual disks that were not encrypted by the malware."
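As an added defensive illustration (not CISA's script and not the YoreGroup method), the following Python inventories a datastore-style directory tree and reports, for every -flat.vmdk it finds, whether the small descriptor .vmdk and the .vmx beside it are still readable metadata, plus the extent size in sectors that a rebuilt descriptor would need. The directory layout, file naming and 512-byte sector size are assumptions, and the sample tree is constructed in a temporary directory.

```python
import os
import tempfile

DESCRIPTOR_MAGIC = b"# Disk DescriptorFile"  # first line of a text VMDK descriptor
SECTOR = 512                                 # assumed sector size for extent math

def _is_descriptor(path):
    # A genuine descriptor is a small text file; anything else was overwritten.
    try:
        with open(path, "rb") as fh:
            return fh.read(len(DESCRIPTOR_MAGIC)) == DESCRIPTOR_MAGIC
    except OSError:
        return False

def triage(root):
    """Map each *-flat.vmdk (path relative to root) to the state of its metadata."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        has_vmx = any(f.endswith(".vmx") for f in files)
        for name in files:
            if not name.endswith("-flat.vmdk"):
                continue
            flat = os.path.join(dirpath, name)
            size = os.path.getsize(flat)
            desc = os.path.join(dirpath, name[: -len("-flat.vmdk")] + ".vmdk")
            if not os.path.exists(desc):
                state = "missing"
            elif _is_descriptor(desc):
                state = "intact"
            else:
                state = "damaged"
            report[os.path.relpath(flat, root)] = {
                "sectors": size // SECTOR,  # extent size a rebuilt descriptor needs
                "descriptor": state,
                "vmx": has_vmx,             # VM config still present in the folder?
            }
    return report

def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def build_sample():
    """Constructed datastore: one intact VM, one whose metadata was overwritten."""
    root = tempfile.mkdtemp()
    _write(os.path.join(root, "vm-ok", "vm-ok.vmx"), b'config.version = "8"\n')
    _write(os.path.join(root, "vm-ok", "vm-ok.vmdk"), DESCRIPTOR_MAGIC + b"\nversion=1\n")
    _write(os.path.join(root, "vm-ok", "vm-ok-flat.vmdk"), b"\0" * 8 * SECTOR)
    _write(os.path.join(root, "vm-hit", "vm-hit.vmdk"), b"\xde\xad" * 64)  # no longer text
    _write(os.path.join(root, "vm-hit", "vm-hit-flat.vmdk"), b"\0" * 16 * SECTOR)
    return root
```

Run `triage("/vmfs/volumes/<datastore>")` on a copy of the affected tree to see which VMs are candidates for metadata reconstruction before touching anything.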
While immensely helpful, the script still needs to be carefully considered, CISA says. Administrators should first review it to rule out any possible complications, and backing up the files before engaging in any recovery process is also strongly advised.
"While CISA works to ensure that scripts like this one are safe and effective, this script is delivered without warranty, either implicit or explicit," the agency concluded. "Do not use this script without understanding how it may affect your system. CISA does not assume liability for damage caused by this script."
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/cisa-thinks-it-has-a-fix-to-the-global-esxi-ransomware-attacks
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)