VMware Cloud Community
flabrune
Contributor
Contributor

ALERT - Ransomware attack

All my storages are encrypted.

I have Vmware Esx 6 and Esx 8.1 Essential

In the file name appears the name of an encryption company called https: // www msgsafe io

I have no relationship with that company.

Does anyone know her?

The attack started at 4.30 am GMT -3

Attached example of the state of a virtual machine.

Any idea would help.

Thank you

 

Moderator note: URL has been modified, so that nobody accidentally clicks on the link.

Tags (2)
Reply
0 Kudos
4 Replies
scott28tt
VMware Employee
VMware Employee

What did VMware support say?

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
Reply
0 Kudos
scott28tt
VMware Employee
VMware Employee

As your post needs moving to the correct area of the Communities, I have reported it to the moderators.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
Reply
0 Kudos
flabrune
Contributor
Contributor

Scoot , can you help me ?

Which is the correct area for this post .. ?  I did´nt find security .. ?

I tried to reach the company https://www.msgsafe.io  but no luck.

I will create a ticket in support ..

No VIB installed in this servers...

Thanks

Reply
0 Kudos
a_p_
Leadership
Leadership

Your post has already been moved to the ESXi area.

The company behind the DNS-Domain is a mail hoster, so contacting them may not help, and the email address is likely used by the hackers themselves to extort money from you.

André

 

Reply
0 Kudos