Summary: In 2024, ransomware attacks on VMware ESXi servers surged, with average ransom demands reaching $5 million, driven primarily by variants of the Babuk ransomware. The attacks exploit weaknesses in the vCenter Server architecture (a compromised vCenter gives an attacker centralized reach into every ESXi host it manages), so organizations running ESXi need to harden that layer urgently.
Threat Actor: Ransomware Groups | Babuk
Victim: Organizations using VMware ESXi | VMware ESXi
Key Points:
- Ransomware attacks on ESXi servers increasingly target the files that make up a VM: VMDK (virtual disk), VMEM (guest memory), VSWP (swap) and VMSN (snapshot state). Encrypting these renders the VM, its memory state and its snapshots unusable at once.
- Attackers use a hybrid encryption scheme: a fast symmetric cipher encrypts the bulk file data, and the per-file symmetric key is then encrypted with the attacker's asymmetric public key. The victim is left holding ciphertext and a wrapped key, so recovery without the attacker's private key is infeasible.
- Hardening vCenter is essential: keep vCenter and ESXi patched, enforce MFA on vCenter and ESXi administrative access, deploy detection tooling that covers the hypervisor layer, and segment the management network so vCenter and ESXi hosts are not reachable from general-purpose networks.
- Continuous testing and assessment (including restore drills from offline backups) are essential to identify security gaps and keep defenses effective against ransomware.
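The hybrid encryption point above is the reason recovery efforts rarely succeed through cryptanalysis. The following Go program is an added illustration of that scheme, not code from the article and not any ransomware family's code: it encrypts a constructed in-memory sample with a fresh AES-256-GCM key, wraps that key with RSA-OAEP under an "attacker" public key, and then shows that only the matching private key can unwrap it. The key sizes, the use of GCM and OAEP, and the names attacker/bystander are this example's own assumptions; the page does not describe any specific family's parameters.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Encrypted is the artefact left on disk per file: the bulk ciphertext plus
// the per-file AES key, which exists only in RSA-wrapped form.
type Encrypted struct {
	WrappedKey []byte // 32-byte AES-256 key, RSA-OAEP encrypted to the attacker's public key
	Nonce      []byte // AES-GCM nonce
	Data       []byte // AES-GCM ciphertext with authentication tag
}

// hybridEncrypt: fresh symmetric key per file (fast enough for multi-GB
// VMDKs), then wrap that key with the asymmetric public key. The victim is
// left with ciphertext and a wrapped key, never the key itself.
func hybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (*Encrypted, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Encrypted{WrappedKey: wrapped, Nonce: nonce, Data: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// hybridDecrypt is the step only the private-key holder can perform:
// unwrap the AES key, then decrypt the bulk data.
func hybridDecrypt(priv *rsa.PrivateKey, e *Encrypted) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("key unwrap failed: wrong private key")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Data, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// demo runs the round trip on a constructed sample and reports whether the
// holder of the matching private key can recover it and a non-holder cannot.
func demo() (recovered bool, wrongKeyRejected bool, err error) {
	attacker, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	bystander, err := rsa.GenerateKey(rand.Reader, 2048) // stand-in for a defender without the key
	if err != nil {
		return false, false, err
	}
	sample := []byte("constructed sample: stand-in for VMDK/VMSN content") // not a real VM file
	e, err := hybridEncrypt(&attacker.PublicKey, sample)
	if err != nil {
		return false, false, err
	}
	pt, err := hybridDecrypt(attacker, e)
	if err != nil {
		return false, false, err
	}
	_, wrongErr := hybridDecrypt(bystander, e)
	return bytes.Equal(pt, sample), wrongErr != nil, nil
}

func main() {
	recovered, rejected, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered with attacker key: %v; rejected with other key: %v\n", recovered, rejected)
}
```

Because the symmetric key never exists unwrapped on the victim side, the realistic recovery paths are offline backups, the attacker's private key, or an implementation mistake in a particular family (key reuse, a weak random source); brute force against either layer is not one of them. That is what should drive the backup and restore-drill items in the hardening list.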
Source: https://thehackernews.com/2025/01/ransomware-on-esxi-mechanization-of.html