Agenda Ransomware Targets ESXi Hosts


Userlevel 7
Badge +17

Hey Community -

Sorry to be the bearer of unpleasant security news as of late, but better to be proactive rather than reactive, as they say, right? 🤷🏻‍♂️

It appears the Agenda Ransomware group, which was first detected in 2022, has been ramping up infiltrations recently. Its ransomware, Agenda (aka Qilin and Water Galura), infected the likes of healthcare, manufacturing, and educational entities 2 years ago, but the group has since rewritten its ransomware to now target OSes, specifically geared towards the VMware hypervisor.

This new variant was detected by Trend Micro, which says it “comes with a variety of new functionalities and stealth mechanisms, & sets its sights squarely on VMware vCenter and ESXi servers.”

You can read more about this ransomware variant in the article below, as well as the TM link above:

https://www.darkreading.com/cloud-security/agenda-ransomware-vmware-esxi-servers

I’m not aware of any messaging by VMware as of yet about a potential patch/fix for this threat. If anyone else knows of a VMware KB/CVE, please share in the comments below.


5 comments

Userlevel 7
Badge +2

@coolsport00 ,
Some of the preventative measures I can think of:

  1. Do not allow vCenter Web Console access over the internet.
  2. Do not use NFS as the VM datastore.

Hopefully others can also help by sharing preventative measures.

Userlevel 7
Badge +4

I’m so happy that I’m not a sysadmin anymore during this ransomware era.
It’s hard to be protected nowadays. :(

Userlevel 7
Badge +20

Wonderful more VMware exploits to patch.

Userlevel 7
Badge +17

Wonderful more VMware exploits to patch.

Right? 🙄

Userlevel 7
Badge +6

@coolsport00 ,
Some of the preventative measures I can think of:

  1. Do not allow vCenter Web Console access over the internet.
  2. Do not use NFS as the VM datastore.

Hopefully others can also help by sharing preventative measures.

And if you’re using iSCSI, make sure it’s locked down to specific initiators or using CHAP authentication. Allowing any is a bad idea.
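The preventative measures collected in this thread (no NFS-backed datastores, iSCSI restricted to known initiators or protected with CHAP, no management surface reachable from anywhere) can be audited from vCenter with PowerCLI. The script below is an added example and not posted by anyone in this thread; it assumes VMware PowerCLI is installed and a session to the vCenter under review has already been opened with Connect-VIServer, and it goes slightly beyond the thread by also flagging enabled ESXi firewall rules that accept any source IP.

```powershell
# Added audit script (not from this thread). Assumes PowerCLI is loaded and
# Connect-VIServer has already been run against the vCenter being reviewed.
# Reports the conditions the thread recommends avoiding, for review by the admin.

$findings = @()

# 1. Datastores served over NFS (Type is 'NFS' or 'NFS41')
foreach ($ds in Get-Datastore) {
    if ($ds.Type -like 'NFS*') {
        $findings += [pscustomobject]@{
            Check  = 'NFS datastore'
            Object = $ds.Name
            Detail = "Type=$($ds.Type); thread advice: do not use NFS as the VM datastore"
        }
    }
}

foreach ($vmhost in Get-VMHost) {
    # 2. iSCSI adapters whose CHAP level is anything other than Required
    foreach ($hba in ($vmhost | Get-VMHostHba -Type IScsi)) {
        $chap = $hba.AuthenticationProperties.ChapType
        if ($chap -ne 'Required') {
            $findings += [pscustomobject]@{
                Check  = 'iSCSI CHAP'
                Object = "$($vmhost.Name)/$($hba.Device)"
                Detail = "ChapType=$chap; expected Required (mutual CHAP where the target supports it)"
            }
        }
    }

    # 3. Enabled host firewall rules that allow all source IPs (AllIp = true)
    foreach ($rule in ($vmhost | Get-VMHostFirewallException | Where-Object { $_.Enabled })) {
        if ($rule.ExtensionData.AllowedHosts.AllIp) {
            $findings += [pscustomobject]@{
                Check  = 'Firewall any-source'
                Object = "$($vmhost.Name)/$($rule.Name)"
                Detail = 'Rule accepts any source IP; restrict it to management subnets'
            }
        }
    }
}

# Empty output means none of the three conditions were found
$findings | Sort-Object Check, Object | Format-Table -AutoSize
```

Initiator allow-lists live on the storage array rather than in vCenter, so that part of the iSCSI advice still has to be verified on the target side.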
