VMware

Are Your ESXi Hosts Exposed? A looming deadline could make them inaccessible soon.

In February 2021, I published a blog post titled “Is Your VMware vCenter Publicly Available?” In light of the recent ESXiArgs ransomware attack that targets publicly available ESXi hosts, it is essential to reiterate the importance of keeping your VMware infrastructure secure.

As previously mentioned, there is no valid reason why your VMware vCenter or ESXi hosts should be available over the internet. Allowing public access to these systems invites potential attacks and increases the risk of a successful ransomware attack like ESXiArgs.

The vulnerability exploited by ESXiArgs was patched two years ago, but it still persists in many environments. The attackers are targeting publicly available ESXi hosts using this vulnerability to gain access and encrypt the systems. If you have not yet applied the patch or taken steps to secure your ESXi hosts, now is the time to do so.

It is crucial to remember that the same technique and vulnerability is also present inside your perimeter firewall. Any internal client that can access your hosts could potentially be an attacker as well. Therefore, it is essential to restrict access to your ESXi hosts and vCenter server to only authorized personnel and implement additional security measures such as firewalls, intrusion detection systems, and antivirus software.

In addition to applying the patch, you should also ensure that all your ESXi hosts are updated with the latest firmware and software updates. This includes updating any third-party plugins or software that may be installed on your ESXi hosts.

Moreover, it is essential to have a robust backup and recovery strategy in place. In the event of a ransomware attack, you should have a recent backup available to restore your systems quickly. You should also test your backups regularly to ensure their integrity and availability.

In conclusion, the ESXiArgs ransomware attack is a stark reminder of the importance of keeping your VMware infrastructure secure. It is crucial to restrict public access to your ESXi hosts and vCenter server, apply the latest patches and updates, implement additional security measures, and have a robust backup and recovery strategy in place. By taking these steps, you can minimize the risk of a successful ransomware attack and protect your critical infrastructure.