Two hosts appeared to have a ransom note on port 443 on January 31, 2023. Prior to widely ramping up a campaign, threat actors often “test” their methods on a select few hosts, so we were hoping to understand more about the earlier stages of these attacks. As we examined historical trends around this campaign, we searched back to January 31, 2023, for hosts with signs of this ransomware. On February 3, 2023, a ransomware campaign with the initial ESXiArgs variant began making headlines.

Top 5 New Compromises (February 11th through February 12th), by country

For more details about all other countries, please visit our ESXiArgs Dashboard (discussed further down) and use the location filter in the “Changes over Time” tab. This sudden surge of attacks is particularly interesting because most of these newly infected hosts are isolated to the countries of France, Germany, the Netherlands, and the United Kingdom. Over the last few days, Censys has observed just over 500 newly infected hosts.

The attackers update the same two October 2022 hosts with a ransom note similar to the current campaign on port 443.

Censys observes thousands of hosts compromised with this ransomware.

Attackers change their encryption methods and ransom notes on every compromised host.

Censys observed a burst of new compromised hosts.

Summary of Events so Far

October 12, 2022

Censys observes two hosts with a similar (but different) ransom note as the current campaigns.