Understand how ransomware groups like Scattered Spider compromise your virtual infrastructure—and how to stop them. In today’s threat landscape, ransomware groups like Scattered Spider are increasingly targeting hypervisors, leading to devastating breaches and...
Attacks on hypervisors are increasing due to their devastating blast radius, as highlighted by the recent attacks on MGM Casinos, Johnson Controls, and MITRE. Now, you can protect your hypervisors: Vali Cyber offers the world’s only ransomware protection for...
A new wave of ransomware actors is rewriting the rulebook, and their sights are set on the foundation of enterprise infrastructure: VMware ESXi. Scattered Spider—also tracked as UNC3944, 0ktapus, and Muddled Libra among others—is one of the most agile and dangerous...
In April 2025, Marks & Spencer—one of Britain’s most successful retailers—was crippled by a ransomware attack that didn’t just encrypt endpoints. It locked down VMware ESXi hypervisors, freezing core systems and bringing operations to a standstill. Sales were...
Nathan Montierth and Joseph Comps from Vali Cyber’s Threat Intelligence Team break down why traditional network defenses, such as firewalls, aren’t enough to stop modern threats. Using a real-world inspired attack from UNC3886, where the firewall was the...
Exploits targeting hypervisors are at an all-time high. Enterprise virtualization is a prime target for threat groups due to valuable data and the challenges associated with preventing escape-to-host attacks. This has been validated with the recent ATT&CK v17...
Modern hypervisors form the backbone of today’s cloud and virtualization environments. By enabling multiple business functions to reside on a single physical server, they enhance efficiency and reduce administrative overhead. As organizations increasingly rely...
MITRE ATT&CK v17 introduces a dedicated ESXi platform, marking a major shift in cybersecurity priorities. The new ESXi matrix spans 12 attack stages — adapting 34 Linux TTPs, carrying over 30 more, and introducing 4 ESXi-specific techniques — officially validating...
MITRE ATT&CK v17 – ZeroLock® Quick Map: Quickly scan this map to see how ZeroLock® mitigates 100% of MITRE ATT&CK v17 ESXi TTPs when properly configured and fully deployed through a multilayered approach featuring SSH MFA, Application Filtering, Lockdown...