At the beginning of February, the BSI and other media reported that thousands of ESXi servers, which are used for the virtualization of IT processes, were encrypted in a globally widespread ransomware attack. The countries most affected were France, USA, Germany and Canada, but other countries were not spared either. Ransomware, also known as extortion Trojans, denies users access to data or the entire computer system. The data is encrypted or access is prevented and a ransom is demanded for decryption or release, or the data is threatened to be made public.
Criminals gained access via a vulnerability that was patched back in February 2021. This vulnerability is very dangerous with a CVSS score of 8.8 (the scale goes up to 10). Most importantly, it is not new. Updates that fix this vulnerability were available shortly after it became known. This incident clearly shows that regular updates are essential to ensure IT security.
We at SNOKE CONNECT were confronted with encrypted servers. The attackers demanded a ransom to release the data. They threatened to inform customers about the data breach and sell the data to competitors and criminals. It was claimed that decryption of the data was impossible. However, SNOKE CONNECT security experts managed to recover at least part of the data.
If you also need help to close security gaps or you want to know how your IT security is doing, contact us.