The new ransomware-as-a-service (RaaS) operation MichaelKors

by Vincent de Vries, on 30-May-2023 09:42:02

Ransomware operation MichaelKors

What is operation MichaelKors?

A new ransomware-as-a-service (RaaS) operation called MichaelKors has recently emerged, which targets Linux and VMware ESXi systems.

The cybersecurity firm CrowdStrike warns that this trend is significant since ESXi does not support third-party agents or antivirus software which makes it an attractive target for cybercriminals.

Targeting of VMware ESXi hypervisors

This targeting technique, known as hypervisor jackpotting, has been employed by various ransomware groups in the past.

The targeting of VMware ESXi hypervisors has caught the attention of cybercriminals due to the software's direct access to physical servers. This allows attackers to run malicious ELF binaries and gain unrestricted control over system resources. Attackers can breach ESXi hypervisors by using compromised credentials, gaining elevated privileges, and exploiting network vulnerabilities.

CrowdStrike highlights the lack of security tools, inadequate network segmentation, and existing vulnerabilities as factors contributing to the attractiveness of ESXi for malicious actors. In addition to ransomware groups, Chinese nation-state actors have also been linked to attacks on VMware ESXi servers using novel backdoors.

Prevention measures

As more organizations transfer their workloads and infrastructure to cloud environments based on VMware Hypervisor, the targeting of VMware-based virtualization infrastructure is expected to remain a major concern.

To mitigate the impact of hypervisor jackpotting, organizations are advised to adopt preventive measures such as avoiding direct access to ESXi hosts, implementing two-factor authentication, regularly backing up ESXi datastore volumes, applying security updates, and conducting security reviews.

For readers who want to read more updates regarding security in relation to VMware, you can find more information on the VMware Security Blog.

Organizations dealing with the threat of ransomware targeting VMware ESXi hypervisors may also consider using the OpsLogix VMware Management Pack and use the addon VMware Ransomware Vulnerability Monitoring. This will provide enhanced monitoring and alerting capabilities to detect and respond to ransomware attacks on VMware environments. By incorporating the solution into your security infrastructure, you can further fortify your defenses and proactively combat the evolving ransomware threat landscape. 



About our blog

Our blog is where you can find anything related to our products, product releases, company or just some other important information we think you - as our reader would like to know!

If you have a topic or question you think that we should address, but don't find it in our archive you can always have a look at our knowledge base.

Subscribe to Updates