We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

VMWare Servers Targeted in Global Ransomware Attack

VMWare Servers Targeted in Global Ransomware Attack
Husain Parvez Published on 8th February 2023 Cybersecurity Researcher

A large-scale ransomware attack has impacted thousands of organizations worldwide, according to Italy's National Cybersecurity Agency (ACN). The hackers exploited a two-year-old vulnerability in VMware ESXi servers, targeting servers across Europe and North America.

Roberto Baldoni, the Director General of ACN, spoke to Reuters and explained that cybercriminals took advantage of an older VMWare software vulnerability. The ransomware variant, dubbed "ESXiArgs", has caused chaos for organizations with unpatched VMware ESXi servers. The Italian news agency ANSA reported that cybersecurity officials have warned that the vulnerability can be exploited via low-complexity attacks that do not require employee passwords or secrets.

VMware ESXi is a hypervisor technology that allows organizations to host multiple virtualized computers on a single physical server. An estimated 3,200 servers are reportedly compromised by the ESXiArgs vulnerability, with France, the United States, the United Kingdom, Canada, and Germany being the most affected.

In response to the cyberattack, VMWare spokesperson Doreen Ruyak clarified that the company was aware of the latest reports and issued a patch for the ESXiArgs vulnerability (dubbed CVE-2021-21974) back in February 2021. In a statement to TechCrunch, Ruyak urged “organizations who are running versions of ESXi impacted by CVE-2021-21974, and have not yet applied the patch, should take action as directed in the advisory”.

After the warning alarm from Italy’s ACN to fellow nations and private organizations, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed further investigation into the impact. A CISA spokesperson told TechCrunch that the organization was working with the public and private sectors in the country, and “any organization experiencing a cybersecurity incident should immediately report it to CISA or the FBI”.

Security experts are yet to determine whether the latest ransomware campaign is connected to the attack on ION Trading UK last week, which caused a worldwide disruption in derivatives trading.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.