The escalation of ESXiArgs ransomware attacks
February 2023 by Matt Aldridge, Principal Solutions Consultant at OpenText Security Solutions
There has been an escalation of ESXiArgs ransomware attacks. These attacks have already impacted servers belonging to Florida’s Supreme Court, as well as a host of US and EU-based academic institutions. Below is commentary from Matt Aldridge, Principal Solutions Consultant at OpenText Security Solutions, on why ransomware attacks are one of the most prominent threats to UK organisations and what businesses need to do in order to mitigate such attacks.
“Ransomware attacks are persistent and the most prominent threats to UK organisations, including big damage to the public sector, according to the latest report of the National Cyber Security Centre (NCSC). The escalation of the ESXiArgs ransomware attacks is a clear indication that cyber-attacks are becoming increasingly targeted at critical virtual server infrastructure, which can often be difficult and sometimes impossible to patch – often needing to be completely replaced.
It’s now impossible for IT and security teams to address ransomware attacks like these with any single approach, process, or technology. Sensitive information held on critical infrastructure, like the impacted servers belonging to Florida’s Supreme Court or academic institutions, is likely to be very valuable to organised criminals and nation-state actors alike.
Such data could command high prices on the dark web, may be used for criminal activities or sold to other unscrupulous government entities, via intermediaries, wishing to acquire information related to foreign affairs or intelligence activities. It is imperative for all organisations, but especially government agencies and educational institutions that hold sensitive data, to boost their security strategies to ensure sensitive, valuable data remains safe and protected.
To limit the impact of these attacks, companies that hold private information should ensure they have clearly defined security policies and procedures to avoid any leak of information. This starts with employee education, which underscores all effective cyber resilience and data protection strategies. Security awareness training programmes can now inform and educate employees on the latest threats in real-time, including information security, social engineering, malware, and industry-specific compliance topics. Attack simulations can also be used to automatically send users for re-education should any training issues be identified.
Secure and reliable backups of virtual machines are the final piece of the puzzle necessary to recover quickly from attacks such as this – ensure you are working with a technology provider who understands these challenges and who can supply mature, secure backup solutions to uphold your cyber resilience strategy. For those who need to rapidly migrate workloads to new environments to mitigate the risk of these attacks, consider contacting your partners about robust migration tools which are available to help do this quickly and safely, even into the cloud.”