ESXi is not itself malware: it is VMware's bare-metal hypervisor, and it has become one of the most heavily targeted platforms in ransomware operations. Attackers who reach an ESXi host, typically after an initial foothold gained through phishing e-mail, malicious downloads or compromised websites, can steal data from the guests it runs, disrupt operations, or hold entire fleets of virtual machines hostage for ransom. The attackers who extorted a ransom from Caesars went on to target MGM Resorts, claiming to have crypto-locked its ESXi hypervisors.
Separately, the Royal ransomware group, a prolific ransomware actor, has expanded its operations to Linux platforms and ESXi servers. The developers of the Royal strain added a Linux build that researchers assess is designed specifically to target vulnerable ESXi servers. A hypervisor hosting many VMs is a high-yield target: the attacker deploys the locker once on the host and can encrypt the disk and configuration files of every guest with a single command, instead of compromising each server individually.
ESXi's attractiveness to attackers lies in the number of data-rich virtual machines a single host runs. ESXi presents a Linux-like shell and can execute Linux ELF binaries, which is why these lockers ship as Linux builds, but it is not Linux: it runs VMware's own VMkernel. The ESXiArgs campaign sits at the intersection of two ransomware trends: lockers derived from the leaked Babuk source code and a growing interest in compromising VMware ESXi servers. The campaign was named ESXiArgs for the ESXi servers it targets and the .args files it writes alongside each encrypted file.
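The practical consequence of "deploy once, encrypt everything" is that the datastore itself is the place to look for damage. The following read-only triage script is an added example written for this page, not code from VMware, Royal or any ESXiArgs analysis: it walks a datastore root, lists VM files that carry an extra extension appended after their VMware type (the trace a locker leaves when it encrypts and renames a guest's disks and config), and counts them. The datastore layout, VM names and the `.locked` extension in the sample are constructed for the demo; a real host would be pointed at a path such as /vmfs/volumes/<datastore>, which is assumed here and not taken from the page.

```shell
#!/bin/sh
# Added example for this page: read-only ransomware triage of a VMware
# datastore. Not code from VMware, Royal or ESXiArgs; all paths and file
# names below are constructed. Runs under POSIX sh, including the busybox
# shell available on an ESXi host.

# List VM files whose VMware type extension is followed by another extension
# (e.g. db01.vmdk.locked). Healthy VM files end in .vmdk, .vmx, .nvram, ...;
# an appended suffix is the usual sign that a locker encrypted and renamed them.
# Lock files (*.lck) are excluded because ESXi creates those legitimately.
# Usage: find_renamed_vm_files /vmfs/volumes/<datastore>   (hypothetical path)
find_renamed_vm_files() {
    find "$1" -type f \
        \( -name '*.vmdk.*' -o -name '*.vmx.*' -o -name '*.vmxf.*' \
           -o -name '*.vmsd.*' -o -name '*.vmsn.*' -o -name '*.nvram.*' \
           -o -name '*.vmem.*' \) \
        ! -name '*.lck' 2>/dev/null | sort
}

# Number of renamed VM files under a root; 0 means the tree looks untouched.
count_renamed_vm_files() {
    find_renamed_vm_files "$1" | wc -l | tr -d ' '
}

# Build a constructed datastore with one healthy VM (web01) and one whose
# files were renamed with a hypothetical .locked suffix (db01).
# Prints the directory it created.
build_sample_datastore() {
    ds=$(mktemp -d)
    mkdir -p "$ds/web01" "$ds/db01" "$ds/db01/db01.vmx.lck"
    : > "$ds/web01/web01.vmx"
    : > "$ds/web01/web01.vmdk"
    : > "$ds/web01/web01-flat.vmdk"
    : > "$ds/web01/web01.nvram"
    : > "$ds/db01/db01.vmx.locked"          # constructed: encrypted config
    : > "$ds/db01/db01.vmdk.locked"         # constructed: encrypted descriptor
    : > "$ds/db01/db01-flat.vmdk.locked"    # constructed: encrypted disk data
    : > "$ds/db01/db01.vmx.lck/M12345.lck"  # legitimate lock file, must not match
    printf '%s\n' "$ds"
}

# Demo run against the constructed datastore.
demo() {
    sample=$(build_sample_datastore)
    echo "renamed VM files under $sample: $(count_renamed_vm_files "$sample")"
    find_renamed_vm_files "$sample"
    rm -rf "$sample"
}

demo
```

On a real host, run it against each datastore root and treat any non-zero count as grounds to isolate the host before touching the files; the script only reads, so it does not disturb evidence.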
Description last updated: 2024-04-05T01:15:38.242Z