1

I have a very basic question. From what I have read, it seems these unpatched servers were directly attacked remotely through the internet via port 427. So unlike other ransomware attacks, the malware did not get into the network through phishing or from an employee accidentally downloading malicious files. Is this correct?

1 Answer

3

Those servers were exposed to the internet. ESXi servers should never be exposed to the internet and should stay behind a firewall. Check for more information: https://www.bleepingcomputer.com/news/security/new-esxiargs-ransomware-version-prevents-vmware-esxi-recovery/

Stuka
  • 6,012