CyberCube identifies potential targets in VMware ransomware campaign

CyberCube, the market leader in cyber risk analytics, has identified companies at risk of attack in a new ransomware campaign impacting thousands of businesses globally.

The automated ransomware campaign called ESXiArgs is targeting outdated VMware ESXi servers globally. Starting on Feb 9, 2023, the cybersecurity community reported threat actors successfully improving their attacks. The campaign encrypts configuration files on vulnerable ESXi servers, potentially rendering clients’ virtual machines (VMs) unusable. Internet-wide scans within days after the first reports surfaced showed a rapid infection rate with over 2,000 servers infected.

According to the research “CyberCube Briefing: Ransomware Risks & VMware Servers”, up to 70,000 ESXi hypervisors globally could become vulnerable. CyberCube has analyzed companies in its Industry Exposure Database (IED) to identify organizations running VMware ESXi hypervisors that could be vulnerable to the ESXiArgs ransomware. 

William Altman, CyberCube’s Cyber Threat Intelligence Principal, said: “Large US-based insureds operating in banking, education, manufacturing, non-profit, aviation, and agriculture are at higher risk of being attacked by threat actors leveraging vulnerabilities in ESXi hypervisors compared to insureds operating in other industries.

“Large insureds ($1 billion-plus revenue) are at greater risk than medium, small, or micro-sized insureds. Large-sized companies are more likely to require the use of hypervisors and virtual machines as the foundation for the large-scale deployment of cloud computing and cloud storage resources.”

Yvette Essen, CyberCube’s Head of Content, Communications & Creative, said: “The majority of impacted ESXi servers are in France and Germany. Cybersecurity agencies in other countries, including Singapore, have also raised alarms. At least a dozen universities have been reported to be impacted, including the Georgia Institute of Technology in Atlanta, Rice University in Houston, and institutions of higher learning in Hungary and Slovakia. Florida’s Supreme Court has also stated that it was impacted by ESXiArgs ransomware.”

CyberCube has modeled a large-scale ransomware attack as part of Portfolio Manager, a scenario-based data-driven model that enables risk professionals to develop insights for their senior leadership and teams. It also allows stress testing of portfolios of insurance risk so that loss drivers and areas of accumulation risk can be identified.

About CyberCube

CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations quantify cyber risk to facilitate placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modeling on thousands of points of technology failure.

The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners. It is backed by Morgan Stanley Tactical Value, Forgepoint Capital, HSCM Bermuda, MTech Capital, individuals from Stone Point Capital and Scott G. Stephenson. For more information, please visit www.cybcube.com or email info@cybcube.com.

Contact Yvette

If you're looking for more information on CyberCube or on how to collaborate with us, feel free to get in touch with me directly.

I'd be happy to help!