{"id":23126,"date":"2023-02-23T01:21:38","date_gmt":"2023-02-23T01:21:38","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=23126"},"modified":"2026-04-17T18:07:42","modified_gmt":"2026-04-17T18:07:42","slug":"esxiargs-ransomware-attack-event-analysis","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/esxiargs-ransomware-attack-event-analysis\/","title":{"rendered":"ESXiArgs Ransomware Attack Event Analysis"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><p>The French Computer Emergency Response Team (CERT-FR) warned<sup>[1]<\/sup> that an attacker exploited a two-year-old remote code execution vulnerability in VMware ESXi servers to deploy the new ESXiArgs ransomware. The vulnerability is tracked as CVE-2021-21974<sup>[2]<\/sup> and is caused by a heap overflow in the OpenSLP service. Unauthenticated attackers can use this vulnerability to launch attacks very easily.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Vulnerability (CVE-2021-21974) Information<\/strong><\/h2>\n\n\n\n<p>An attacker who is on the same network segment as the ESXi host and can access port 427 can trigger the heap overflow in the OpenSLP service by sending a crafted malicious request packet to that port, ultimately achieving remote code execution. In February 2021, VMware discovered the relevant vulnerabilities and released patches. In addition, a PoC for this vulnerability has already been disclosed. The recent attacks target unpatched products. 
The vulnerability CVE-2021-21974 affects the following systems:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ESXi version 7.x before ESXi70U1c-17325551<\/li><li>ESXi version 6.7.x before ESXi670-20210401-SG<\/li><li>ESXi version 6.5.x before ESXi650-202102101-SG<\/li><\/ul>\n\n\n\n<p>According to the network mapping engine<sup>[3]<\/sup>, the versions currently most affected are 6.7.0, 6.5.0, 6.0.0, and 5.5.0.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-1.jpg\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"488\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-1-1024x488.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-23145\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-1-1024x488.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-1-300x143.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-1-768x366.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-1-600x286.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-1-200x95.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-1.jpg 1169w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\" style=\"font-size:16px\">Figure 1 Software Version Distribution of Extorted Assets<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Asset Exposure Analysis<\/strong><\/h2>\n\n\n\n<p>The data shows that more than 84,000 ESXi assets are exposed globally as of this writing. 
They are mainly distributed in France, the United States, Belgium, China, Germany, etc.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-2.png\"><img decoding=\"async\" width=\"1024\" height=\"498\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-2-1024x498.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-23147\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-2-1024x498.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-2-300x146.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-2-768x374.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-2-600x292.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-2-1280x624.png 1280w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-2-200x97.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-2.png 1283w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\" style=\"font-size:16px\">Figure 2 Global Distribution of ESXi Asset Exposure Countries<\/p>\n\n\n\n<p>The attack mainly targets the OpenSLP port (427) of ESXi servers before 7.0 U3i. More than 2,200 assets have port 427 exposed, as shown in Figure 3. On February 5, 2023, only 700 assets had port 427 exposed, and the number is still increasing. This is not the complete picture, because some attacked servers with port 427 open are not in this list; the data for this port is probably still being mapped. For such vulnerabilities, the attack surface can be managed in advance. 
Not only ESXi but also other critical infrastructure, such as government website services, cloud-native service components, 5G network elements, industrial Internet, Internet of Vehicles, etc., should be well managed for risk mitigation as soon as possible. External attack surface management is essential. Gartner listed External Attack Surface Management (EASM) as a security and risk management trend in 2022. EASM continuously maps the exposure of all kinds of assets and services on the Internet and analyzes the attack surface they present, in particular to find and mitigate potential risks before attackers exploit them.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-3.png\"><img decoding=\"async\" width=\"1024\" height=\"502\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-3-1024x502.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-23149\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-3-1024x502.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-3-300x147.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-3-768x377.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-3-600x294.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-3-200x98.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-3.png 1319w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\" style=\"font-size:16px\">Figure 3 Distribution of Port 427 Exposure Countries<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Extortion Status<\/strong><\/h2>\n\n\n\n<p>The page of an extorted asset displays the bitcoin address for the ransom payment, which is about two bitcoins.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure 
class=\"aligncenter size-large is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-4.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-4-1024x515.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-23151\" width=\"736\" height=\"370\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-4-1024x515.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-4-300x151.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-4-768x386.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-4-600x302.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-4-200x101.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-4.png 1320w\" sizes=\"(max-width: 736px) 100vw, 736px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\" style=\"font-size:16px\">Figure 4 Ransom Page of Extorted Assets<\/p>\n\n\n\n<p>The number of blackmailed assets queried in different periods is shown in Table 1.&nbsp;<\/p>\n\n\n\n<p class=\"has-text-align-center\" style=\"font-size:16px\">Table 1 Number of Extorted Assets in Different Time <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-1-1024x216.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-23135\" width=\"641\" height=\"135\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-1-1024x216.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-1-300x63.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-1-768x162.png 
768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-1-1536x325.png 1536w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-1-600x127.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-1-200x42.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-1.png 1666w\" sizes=\"(max-width: 641px) 100vw, 641px\" \/><\/a><\/figure>\n<\/div>\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-5.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"528\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-5-1024x528.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-23153\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-5-1024x528.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-5-300x155.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-5-768x396.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-5-600x309.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-5-200x103.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-5.jpg 1263w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p class=\"has-text-align-center\" style=\"font-size:16px\">Figure 5 Number of Extorted Assets<\/p>\n\n\n\n<p>According to the query results, the top extorted assets are mainly distributed in France, the United States, Germany, and Canada. Although the numbers of ESXi servers deployed in France, the United States, and Germany do not differ much, the number of servers blackmailed in France is twice that of other countries. 
This may be related to the difference between countries in the operations of organizations and the regulations of governments.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-6.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"496\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-6-1024x496.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-23155\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-6-1024x496.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-6-300x145.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-6-768x372.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-6-600x290.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-6-200x97.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Figure-6.png 1318w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\" style=\"font-size:16px\">Figure 6 Distribution of Extorted Assets in Countries<\/p>\n\n\n\n<p>When surveying and mapping the infected ESXi server, it was found that there are still more than 600 servers with open port 427 at risk of being attacked.<\/p>\n\n\n\n<p class=\"has-text-align-center\" style=\"font-size:16px\">Table 2 Status of Port 427 of Extorted Assets<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-2-1024x145.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-23141\" width=\"734\" height=\"103\" 
srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-2-1024x145.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-2-300x43.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-2-768x109.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-2-600x85.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-2-200x28.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/Table-2.png 1227w\" sizes=\"(max-width: 734px) 100vw, 734px\" \/><\/a><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\">Protection Solution<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Disable the OpenSLP service, or install the patches promptly to upgrade to the latest version.<\/li><li>Check whether a vmtools.py backdoor file exists. If you find one, delete it immediately.<\/li><li>For encrypted virtual machines, restore the *-flat.vmdk file to recover the virtual machine image<sup>[4]<\/sup>.<\/li><li>Deploy protection software on hosts and servers. Perform vulnerability scanning and put precautions in place. 
<\/li><li>Manage the external attack surface and identify such risks in advance.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>NSFOCUS Security Solution<\/strong><\/h2>\n\n\n\n<p>The NSFOCUS security solution provides a comprehensive security system to protect against ransomware attacks, including vulnerability scanning, abnormal behavior monitoring, intrusion threat detection, anti-virus, and threat intelligence, covering the entire period of an attack &ndash; before, during and after the event.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/NSFOCUS-Security-Solution.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"628\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/NSFOCUS-Security-Solution-1024x628.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-23143\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/NSFOCUS-Security-Solution-1024x628.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/NSFOCUS-Security-Solution-300x184.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/NSFOCUS-Security-Solution-768x471.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/NSFOCUS-Security-Solution-600x368.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/NSFOCUS-Security-Solution-200x123.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/NSFOCUS-Security-Solution.png 1469w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p>Moving businesses to the cloud has become inevitable for organizations. The development of cloud computing has brought a lot of changes and opportunities, but it has also introduced many risks that cannot be ignored. 
NSFOCUS&#8217;s cloud strategy helps customers to discover exposed attack surfaces and manage and mitigate risks continuously, and helps partners expand security capabilities to increase competitiveness with value-added services in broader markets.<\/p>\n\n\n\n<p><strong>References<\/strong><\/p>\n\n\n\n<p>[1] https:\/\/www.bleepingcomputer.com\/news\/security\/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide\/<br>[2] https:\/\/straightblast.medium.com\/my-poc-walkthrough-for-cve-2021-21974-a266bcad14b9<br>[3] https:\/\/www.shodan.io<br>[4] https:\/\/enes.dev\/<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>The French Computer Emergency Response Team (CERT-FR) warned that [1] an attacker exploited a two-year-old remote code execution vulnerability in VMware ESXi server to deploy new ESXiArgs ransomware. The security vulnerability number is CVE-2021-21974 [2] and it is caused by a heap overflow vulnerability in the OpenSLP service. Unauthenticated attackers can use this vulnerability to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":23160,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3],"tags":[603],"class_list":["post-23126","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-ransomware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ESXiArgs Ransomware Attack Event Analysis - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta 
property=\"og:title\" content=\"ESXiArgs Ransomware Attack Event Analysis - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"The French Computer Emergency Response Team (CERT-FR) warned that an attacker exploited a two-year-old remote code execution vulnerability in VMware ESXi\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-23T01:21:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/image.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"ESXiArgs Ransomware Attack Event Analysis - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"The French Computer Emergency Response Team (CERT-FR) warned that an attacker exploited a two-year-old remote code execution vulnerability in VMware ESXi\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/image.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"ESXiArgs Ransomware Attack Event Analysis\",\"datePublished\":\"2023-02-23T01:21:38+00:00\",\"dateModified\":\"2026-04-17T18:07:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/\"},\"wordCount\":779,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/image.jpg\",\"keywords\":[\"Ransomware\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/\",\"name\":\"ESXiArgs Ransomware Attack Event Analysis - 
NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/image.jpg\",\"datePublished\":\"2023-02-23T01:21:38+00:00\",\"dateModified\":\"2026-04-17T18:07:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/image.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/image.jpg\",\"width\":400,\"height\":240,\"caption\":\"Hacker in hoodie surrounded by digital code.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/esxiargs-ransomware-attack-event-analysis\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ESXiArgs Ransomware Attack Event Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and 
Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"ESXiArgs Ransomware Attack Event Analysis - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"ESXiArgs Ransomware Attack Event Analysis - NSFOCUS","og_description":"The French Computer Emergency Response Team (CERT-FR) warned that an attacker exploited a two-year-old remote code execution vulnerability in VMware ESXi","og_url":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/","og_site_name":"NSFOCUS","article_published_time":"2023-02-23T01:21:38+00:00","article_modified_time":"2026-04-17T18:07:42+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/image.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"ESXiArgs Ransomware Attack Event Analysis - NSFOCUS","twitter_description":"The French Computer Emergency Response Team (CERT-FR) warned that an attacker exploited a two-year-old remote code execution vulnerability in VMware ESXi","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/image.jpg","twitter_misc":{"Escrito por":"admin","Est. 
tempo de leitura":"6 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"ESXiArgs Ransomware Attack Event Analysis","datePublished":"2023-02-23T01:21:38+00:00","dateModified":"2026-04-17T18:07:42+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/"},"wordCount":779,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/image.jpg","keywords":["Ransomware"],"articleSection":["Blog"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/","url":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/","name":"ESXiArgs Ransomware Attack Event Analysis - 
NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/image.jpg","datePublished":"2023-02-23T01:21:38+00:00","dateModified":"2026-04-17T18:07:42+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/image.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/02\/image.jpg","width":400,"height":240,"caption":"Hacker in hoodie surrounded by digital code."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/esxiargs-ransomware-attack-event-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"ESXiArgs Ransomware Attack Event Analysis"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and 
Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/23126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/use
rs\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=23126"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/23126\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/23160"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=23126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=23126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=23126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}