A new ransomware named ‘Cheers’ is targeting VMware ESXi servers. VMware ESXi is a virtualization platform used by many large corporations. It has recently been targeted by many ransomware groups, with the most recent attacks coming from LockBit and Hive.
When a VMware ESXi server is compromised, the attacker launches an encrypter that stops all running virtual machines. Once they are stopped, it seeks out files with .log, .vmdk, .vmem, .vswap and .vmsn extensions. These files are encrypted and given a “.cheers” extension, and they remain inaccessible unless a ransom is paid to the attacker. If a file cannot be encrypted, its extension is still renamed to “.cheers”. This causes downtime for any company, as these virtual machines will be unable to start.
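Because files that could not be encrypted are still renamed, a “.cheers” extension alone does not show that a file's contents are lost. The following Python script is an added example, not code from the original post: it walks a directory, lists every “.cheers” file, and uses byte entropy to separate likely-encrypted files from renamed-only ones. It assumes the extension is appended to the original name (for example disk.vmdk.cheers) and that 7.0 bits per byte is a workable cutoff; the sample file names and contents are constructed.

```python
import math
import os
import tempfile
from collections import Counter

TARGETED = {".log", ".vmdk", ".vmem", ".vswap", ".vmsn"}  # extensions named in the post
MARKER = ".cheers"
SAMPLE_BYTES = 64 * 1024   # read only the head of each file
ENTROPY_THRESHOLD = 7.0    # assumption: bits/byte at or above this looks like ciphertext

def shannon_entropy(data):
    """Return bits per byte of the sample; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root):
    """Walk root and classify every file whose name ends in .cheers."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(MARKER):
                continue
            # Assumption: the marker is appended (disk.vmdk.cheers), so the
            # original extension may still be visible in front of it.
            orig_ext = os.path.splitext(name[: -len(MARKER)])[1].lower()
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
            findings.append({
                "path": path,
                "original_ext": orig_ext if orig_ext in TARGETED else "unknown",
                "entropy": round(entropy, 2),
                "likely_encrypted": entropy >= ENTROPY_THRESHOLD,
            })
    return findings

def build_constructed_sample(root):
    """Constructed data: a renamed-only log, a random-content disk, a clean file."""
    with open(os.path.join(root, "vmware.log.cheers"), "wb") as fh:
        fh.write(b"2022-05-25T10:00:00Z vmx| constructed log line\n" * 200)
    with open(os.path.join(root, "web01-flat.vmdk.cheers"), "wb") as fh:
        fh.write(os.urandom(SAMPLE_BYTES))  # stands in for ciphertext
    with open(os.path.join(root, "untouched.vmdk"), "wb") as fh:
        fh.write(b"# Disk DescriptorFile\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(*triage(tmp), sep="\n")
```

Memory and swap files can be high-entropy even when untouched, so treat the flag as a triage hint and confirm recoverability against backups.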
Always keep servers, especially hypervisors, secure and follow security best practices. This can be as simple as changing the administrator account password regularly, using a strong password, or locking down administrator access to only trusted machines. Also run up-to-date virus protection on all machines and train users to detect phishing attempts. Most ransomware attacks are spread through email.
Trend Micro recently reported on this ransomware, including details of the infection routine: https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html
Here at Beringer Technology Group, we offer a wide range of solutions designed to keep your business operational, no matter what threats may come your way. From backup and disaster recovery to cloud-based CRM solutions such as Microsoft Dynamics, Beringer is at the forefront of helping organizations navigate the daily threat that cybercrime poses.