On February 16, 2023, CyberCube, a leading provider of cyber risk analytics, identified vulnerable companies at risk of attack in a new ransomware campaign affecting thousands of businesses worldwide.
An automated ransomware campaign called ESXiArgs targets outdated VMware ESXi servers globally. The cybersecurity community reported that threat actors had improved their attacks starting on February 9, 2023. The campaign encrypts configuration files on at-risk ESXi servers, potentially making clients' virtual machines (VMs) unusable. Internet-wide scans conducted within days after the first reports indicated a fast infection rate, with over 2,000 servers infected.
The "CyberCube Briefing: Ransomware Risks & VMware Servers" report revealed that around 70,000 ESXi hypervisors worldwide could be at risk. Through analysis of companies in its Industry Exposure Database (IED), CyberCube has identified organizations that use VMware ESXi hypervisors and may be at risk from the ESXiArgs ransomware.
CyberCube has modeled a ransomware attack on a large scale as part of Portfolio Manager. This scenario-based, data-driven model allows risk professionals to generate insights for their teams and senior leadership. The tool also enables stress testing of insurance risk portfolios, helping identify areas of accumulation risk and loss drivers.
CyberCube's Cyber Threat Intelligence Principal, William Altman, commented, "Large US-based insureds operating in banking, education, manufacturing, non-profit, aviation, and agriculture are at higher risk of being attacked by threat actors leveraging vulnerabilities in ESXi hypervisors compared to insureds operating in other industries."
He added, "Large insureds ($1 billion-plus revenue) are at greater risk than medium, small, or micro-sized insureds. Large-sized companies are more likely to require the use of hypervisors and virtual machines as the foundation for the large-scale deployment of cloud computing and cloud storage resources."
(Source – Business Wire)
CyberCube, founded in 2015, is a leading cyber risk analytics provider focused on the insurance industry. Its cloud-based platform enables insurance organizations to quantify cyber risk for placing insurance, underwriting cyber risk, and managing cyber risk aggregation using best-in-class data access and advanced multi-disciplinary analytics. The company's enterprise intelligence layer includes modeling on thousands of points of technology failure and provides insights on millions of companies globally.