1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • It might be impossible now to recover data from VMware ransomware

    From TechnologyDaily@1337:1/100 to All on Thu Feb 9 13:15:03 2023
    It might be impossible now to recover data from VMware ransomware attacks

    Date:
    Thu, 09 Feb 2023 12:56:16 +0000

    Description:
    The flawed encryptor is fixed and the decryption script no longer works.

    FULL STORY ======================================================================

    Well, that didnt take long.

    The script that allowed VMware ESXi server owners infected with ransomware to restore the files no longer works, because the attackers updated the
    encryptor and patched the flaw it had. Now, those without endpoint protection most likely wont be able to restore the files without getting the decryption key from the threat actors.

    The news was confirmed by BleepingComputer , whose researchers analyzed freshly obtained samples of the encryptor. Abusing an old flaw

    Late last week, national cybersecurity agencies of a few European countries, as well as those in the US and Canada, warned of a widespread, semi-automated attack against VMwares ESXi servers. The attackers found more than 3,000 endpoints (at press time) that were vulnerable to a flaw that VMware patched two years ago, and used that flaw to deploy the ESXiArgs ransomware.

    The attacked servers were located mostly in Europe (Italy, France, Finland), but also in the US and Canada. Businesses in France were allegedly worst-hit. Read more

    Widespread cyberattack hits servers across Europe


    CISA thinks it has a fix to the global ESXi ransomware attacks


    Best firewalls : Stay protected online

    The countrys national government computer security incident response team, CERT-FR, said the attack was semi-automated, targeting servers vulnerable to CVE-2021-21974. The flaw is described as an OpenSLP HeapOverflow vulnerability, allowing threat actors to execute code remotely.

    But soon after, researchers discovered that the encryptor was flawed and
    while in the process of encrypting big files, skipped large portions of them. That gave two researchers from YoreGroup Tech Team plenty of unencrypted
    files to work with, which helped them devise a way to decrypt the files and restore access to the compromised devices.

    The US Cybersecurity and Infrastructure Security Agency (CISA) later chimed in, creating a script to automate the work, and shared it on GitHub.

    But good news didnt last long, as the threat actors now started deploying an updated version of the encryptor, with the flaw eliminated. Still, everyone recommends victims try and use CISAs script, just in case. Best encryption software : Keep your files and folders safe



    ======================================================================
    Link to news story: https://www.techradar.com/news/it-might-be-impossible-now-to-recover-data-from -vmware-ransomware-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)