We see five major emerging trends reshaping the threat landscape. First, threat actors are augmenting traditional ransomware and extortion with attacks designed to intentionally disrupt operations. In 2024, 86% of incidents that Unit 42 responded to involved business...
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks against the retail, airline, and transportation sectors in North America. “The group’s core tactics have remained consistent and do not rely on software...
Broadcom’s VMware vSphere product continues to be a top choice for private cloud virtualization, underpinning important systems and critical infrastructure. Far from losing its appeal, organizations still rely heavily on vSphere for its stability and control....
As FIN groups continue to execute fast-impact ransomware campaigns and nation-state APTs favor long-term infrastructure control, hypervisors have become the new high ground. This talk explores a set of stealthy, reliable persistence techniques targeting VMware ESXi,...
Unit 42 & Mandiant ESXi Recommendations: How does your Incident Response plan address ESXi? Check out these recommendations from Unit 42 and Mandiant, along with how ZeroLock can help! Download the...
Aliases: ABCD ransomware, LockBit 2.0, LockBit Black (3.0), LockBit Green, LockBit 5.0. Profiling. Threat Actor Type: Ransomware-as-a-Service (RaaS) with global affiliate network. ...
Hypervisor attacks are accelerating, and the cost is catastrophic. Recent ESXi ransomware attacks have cost organizations hundreds of millions in recovery. In some cases, a single ESXi breach has led to costs exceeding $400 million. Ransomware targeting virtualized...
The financial sector is built on trust, speed, and constant availability. Despite publicly announcing their “retirement,” Scattered Spider has resurfaced with fresh intrusions into U.S. banks and financial services. Their latest ESXi attack on finance proves the...
Why The Board Should Act Now: As hypervisor ransomware attacks surge and exposure widens, this once-overlooked layer now poses material risk to revenue, operations, and oversight. Hypervisor ransomware (specifically on VMware ESXi) has tripled YoY. Attackers have...