VMware Horizon Log4j Vulnerability 2022


A China-based ransomware group is exploiting the Log4Shell bug in VMware server products.

Microsoft has confirmed that suspected China-based cyber criminals are targeting the Log4j Log4Shell flaw in VMware’s Horizon product to install NightSky, a new ransomware strain that emerged on December 27, 2021.

VMware Horizon Attacks

Night Sky uses the double extortion model in its attacks. First, it demands corporate victims stump up money for a decryption key to get at their files, then it slaps them with the threat of either leaking all the stolen data or selling it to the highest bidder should victims refuse to pay.

One victim received an $800,000 ransom demand for a NightSky decryptor.

The US Cybersecurity and Infrastructure Security Agency (CISA) said on Monday that it had not seen Log4Shell exploitation result in significant intrusions beyond the attack on the Belgian Defense Ministry.

CISA also warned that the lack of significant intrusions was no reason to reduce the urgency of remediation. Attackers who have already exploited targets can lie low for months afterwards, waiting for defenders to drop their guard before moving on their new access.

Thoughts

Please do not use VMware Horizon server products. We at Adept Technologies Inc. do not use any Apache Log4j-based tools, or any other open-source technology, in any of our software products. We do not support any VMware or any other virtualized system.

Years ago, I was speaking at a technology conference in New York City, and during that conference I went to the wrong breakout session. I ended up at a VMware security class focused on the hypervisor.

After that class I was done with VMware. Over the next year we removed every VMware system from all our servers, including our test servers, which upset some of my colleagues. I made it clear that we will not support any of our software products running on any virtual server, workstation or device.

Imagine lifting all of Manhattan, New York, every building, skyscraper, bridge, everything, and supporting it on one toothpick. All you need to do to destroy all of Manhattan is take out the toothpick. Why do people purchase VMware? It saves them money, and they must have no clue what a hypervisor is and how it is like a toothpick.

Instead of purchasing all the necessary equipment and software licenses, which is very expensive, they go cheap. Let’s throw in the cloud-based companies that go off to pure stupidity. Do you really think Amazon AWS is giving you a real standalone server? No, they are not. They use VMware too. It is just a domino effect.

I love the excuses some companies claim about how they invested so much time and money into their VMware investment. Come to one of our datacenters and I will show them what real investment and real money looks like.

"Fake it until you make it" does not work anymore in any industry.

Over the years I have been asked what my favorite conference in New York City was. It was and still is Suits and Spooks. Many good times at that conference.

Be safe, especially if you’re a VMware user. NightSky is a clear danger right now for you. I recommend reading the cisa.gov guidance listed as Reference 5 below.

References:

Reference 1: zdnet.com – log4j-flaw

Reference 2: bleepingcomputer.com – log4j bug to hack vmware horizon servers

Reference 3: portswigger.net – vmware horizon under attack

Reference 4: malwarebytes.com – night sky the new corporate ransomware demanding a sky high ransom

Reference 5: cisa.gov – apache log4j vulnerability guidance


Adept Media

Adept Technologies Inc.