{"id":50433,"date":"2023-02-06T18:44:00","date_gmt":"2023-02-06T18:44:00","guid":{"rendered":"https:\/\/www.csoonline.com\/article\/3687095\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.html#tk.rss_security"},"modified":"2023-02-06T18:44:00","modified_gmt":"2023-02-06T18:44:00","slug":"massive-ransomware-attack-targets-vmware-esxi-servers-worldwide","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/","title":{"rendered":"Massive ransomware attack targets VMware ESXi servers worldwide"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2022\/09\/ransomware-attack-100932412-large.jpg?auto=webp&amp;quality=85,70\" class=\"ff-og-image-inserted\"><\/div>\n<p>A global <a href=\"https:\/\/www.csoonline.com\/article\/3236183\/what-is-ransomware-how-it-works-and-how-to-remove-it.html\">ransomware<\/a> attack has hit thousands of servers running the VMware ESxi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world.<\/p>\n<p>The Computer Emergency Response Team of France (CERT-FR) was the first to notice and send an alert about the attack.<\/p>\n<p>\u201cOn February 3, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them,\u201d <a href=\"https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2023-ALE-015\/\" rel=\"nofollow\">CERT-FR&nbsp;wrote<\/a>.&nbsp;<\/p>\n<p>Other national cybersecurity agencies \u2014 including organizations in the US, France and Singapore \u2014 have also issued alerts about the attack. Servers have been compromised in France, Germany, Finland, the US and Canada, according to reports.<\/p>\n<p>More than 3,200 servers have been compromised globally so far, according to <a href=\"https:\/\/search.censys.io\/search?resource=hosts&amp;sort=RELEVANCE&amp;per_page=25&amp;virtual_hosts=EXCLUDE&amp;q=services.http.response.body%3A+%22How+to+Restore+Your+Files%22+and+services.http.response.html_title%3A%22How+to+Restore+Your+Files%22&amp;cursor=eyJBZnRlciI6WyI4OS43ODE4MTUiLCJTeGpRcE5mU1orOVJlcEJnOENoTTJRPT0iXSwiUmV2ZXJzZSI6ZmFsc2UsIlNlZWQiOjB9\" rel=\"nofollow\">cybersecurity firm Censys.<\/a><\/p>\n<p>CERT-FR and other agencies report that the attack campaign exploits the CVE-2021-21974 vulnerability, for which a patch has been available since February 23, 2021. This vulnerability affects the Service Location Protocol (SLP) service and allows attackers to exploit arbitrary code remotely. The systems currently targeted are ESXi hypervisors in version 6.x, prior to 6.7, CERT-FR stated.&nbsp;<\/p>\n<aside class=\"nativo-promo nativo-promo-1 smartphone\" id> <\/aside>\n<p>\u201cThe SLP can be disabled on any ESXi servers that haven\u2019t been updated, in order to further mitigate the risk of compromise,\u201d CERT-FR wrote in its notice.&nbsp;<\/p>\n<p>An alert from cybersecurity provider DarkFeed over the weekend said that in Europe, France and Germany were most affected by the attack. Most of the servers that were hit in France and Germany were being hosted by hosting providers OVHcloud and Hetzner, respectively, according to DarkFeed.<\/p>\n<aside class=\"nativo-promo nativo-promo-1 tablet desktop\" id> <\/aside>\n<p>A <a href=\"https:\/\/darkfeed.io\/2023\/02\/04\/a-new-ransomware-attack-is-spreading-like-crazy\/#jp-carousel-61719\" rel=\"nofollow\">ransom note<\/a> issued to the victims of the attack posted publicly by DarkFeed said in part: &#8220;Security alert! We hacked your company successfully &#8230; Send money within 3 days, otherwise we will expose some data and raise the price.&#8221;<\/p>\n<p>The note quoted by DarkFeed said to send 2.01584 (about US$23,000) to a bitcoin wallet, but apparently the threat actor is using different wallets to collect fees. \u201cWhat&#8217;s interesting is that the bitcoin wallet is different in every ransom note. No website for the group, only TOX id,\u201d DarkFeed stated.&nbsp;<\/p>\n<p>Security agencies globally are offering advice to security teams.<\/p>\n<h2>Admistrators advised to update to latest ESXi version<\/h2>\n<p>\u201cUsers and administrators of affected product versions are advised to upgrade to the latest versions immediately. As a precaution, a full system scan should also be performed to detect any signs of compromise. Users and administrators are also advised to assess if the ransomware campaign-targeted port 427 can be disabled without disrupting operations,\u201d the Singapore Computer Emergency Response Team (<a href=\"https:\/\/www.csa.gov.sg\/singcert\/Alerts\/AL-2023-015\" rel=\"nofollow\">SingCERT<\/a>), <a href=\"https:\/\/www.csa.gov.sg\/singcert\/Alerts\/AL-2023-015\" rel=\"nofollow\">said in a notice<\/a>.&nbsp;<\/p>\n<aside class=\"nativo-promo nativo-promo-2 tablet desktop smartphone\" id> <\/aside>\n<p>Security researchers have been analyzing the attacks since they came to light, issuing similar advice and adding information.<\/p>\n<p>\u201cUpgrade to the latest version of #ESXi and restrict access to the #OpenSLP service to trusted IP addresses,\u201d security researcher Matthieu Garin recommended in a Twitter post. Garin also offered information that can be useful to help recover ransomed files. &#8220;The attackers only encrypt the config files, and not the vmdk disks where the data is stored. This can definitely be very useful!,\u201d Garin said.<\/p>\n<p>Meanwhile, US agencies said they were assessing the impact of the reported incidents.<\/p>\n<p>&#8220;CISA is working with our public and private sector partners to assess the impacts of these reported incidents and providing assistance where needed,&#8221; the US Cybersecurity and Infrastructure Security Agency said in a note to media, according to Reuters.&nbsp;<\/p>\n<aside class=\"nativo-promo nativo-promo-3 tablet desktop smartphone\" id> <\/aside>\n<p>Ransomware attackers often target developed countries, researchers noted.<\/p>\n<p>\u201cDeveloped countries are often targeted more frequently for ransomware attacks because they have more resources and access to bitcoins and are more likely to pay the ransom demands,\u201d said Rahul Sasi, co-founder and CEO at cybersecurity firm CloudSEK.<\/p>\n<p>\u201cThese countries also tend to have a higher density of valuable targets, such as large corporations and government agencies, that can be impacted by a successful attack. Additionally, developed countries often have more advanced technology infrastructure, making them a more attractive target for cybercriminals looking to exploit vulnerabilities,\u201d Sasi added.&nbsp;<\/p>\n<div class=\"end-note\"> <!-- blx4 #2004 blox4.html --> <\/p>\n<div id class=\"blx blxParticleendnote blxM2004 blox4_html blxC51120\">\n<aside> <strong>Next read this<\/strong> <\/aside>\n<\/p><\/div>\n<\/p><\/div>\n<p> READ MORE <a href=\"https:\/\/www.csoonline.com\/article\/3687095\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.html#tk.rss_security\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity agencies globally \u2014 including in Italy, France, the US and Singapore \u2014 have issued alerts about a ransomware attack targeting the VMware ESXi hypervisor. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50434,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[738],"tags":[91],"class_list":["post-50433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networkworld","tag-ransomware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Massive ransomware attack targets VMware ESXi servers worldwide 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Massive ransomware attack targets VMware ESXi servers worldwide 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-06T18:44:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/images.idgesg.net\/images\/article\/2022\/09\/ransomware-attack-100932412-large.jpg?auto=webp&amp;quality=85,70\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Massive ransomware attack targets VMware ESXi servers worldwide\",\"datePublished\":\"2023-02-06T18:44:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/\"},\"wordCount\":672,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.jpg\",\"keywords\":[\"ransomware\"],\"articleSection\":[\"Networkworld\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/\",\"name\":\"Massive ransomware attack targets VMware ESXi servers worldwide 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.jpg\",\"datePublished\":\"2023-02-06T18:44:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.jpg\",\"width\":149,\"height\":84},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ransomware\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/ransomware\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Massive ransomware attack targets VMware ESXi servers worldwide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Massive ransomware attack targets VMware ESXi servers worldwide 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/","og_locale":"en_US","og_type":"article","og_title":"Massive ransomware attack targets VMware ESXi servers worldwide 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-02-06T18:44:00+00:00","og_image":[{"url":"https:\/\/images.idgesg.net\/images\/article\/2022\/09\/ransomware-attack-100932412-large.jpg?auto=webp&amp;quality=85,70","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Massive ransomware attack targets VMware ESXi servers worldwide","datePublished":"2023-02-06T18:44:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/"},"wordCount":672,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.jpg","keywords":["ransomware"],"articleSection":["Networkworld"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/","url":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/","name":"Massive ransomware attack targets VMware ESXi servers worldwide 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.jpg","datePublished":"2023-02-06T18:44:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide.jpg","width":149,"height":84},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/massive-ransomware-attack-targets-vmware-esxi-servers-worldwide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"ransomware","item":"https:\/\/www.threatshub.org\/blog\/tag\/ransomware\/"},{"@type":"ListItem","position":3,"name":"Massive ransomware attack targets VMware ESXi servers worldwide"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50433"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50433\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50434"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}