Cheers ransomware hits VMware ESXi systems

Another ransomware strain is targeting VMware ESXi servers

Home
Our Story
Our Solutions
Our Solutions
Telephony Solutions
Broadband
IT Services
Partners
Case Studies
FAQs
News
Contact

Get a free, no obligation telecoms audit

Simply scan and upload your latest telephony bill to find out if we can save you money.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ransomware hits VMware ESXi systems

Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.

ESXi, a bare metal hypervisor that installs easily on to your server and partitions it into multiple virtual machines.  It is used by a broad range of organizations throughout the world and has become the target of ransomware.

The common use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtual systems and connected devices.

Compromising ESXi servers is a means to swiftly spread the ransomware to many devices.

Cheers ransomware

The latest ransomware is one  researchers are calling Cheerscrypt – or simply Cheers – and like an increasing number of outbreaks, comes with a double-extortion threat aimed at incentivizing victims to pay the demanded ransom.

In the ransom note that pops up on a victim's screens, the cybercriminals give the organization three days to contact them. Otherwise, the group will publicly release data exfiltrated from the compromised box, and increase the amount of the ransom.

To pull this off, it appears miscreants have to achieve privileged shell access to the targeted ESXi hypervisor server, or otherwise gain the ability to run commands on the host. Once uploaded to and running on the ESXi server in a Linux environment, the Cheers ransomware runs a command to terminate all the running virtual machine (VM) processes using an esxcli command, and runs the code to encrypt data on the box.

The ransomware seeks out log files and VMware-related files that have the extensions .log, .vmdk, .vmem, .vswp, and .vmsn. For every directory it encrypts, the malware will leave a ransomware noted named "How to Restore Your Files.txt." Files that have been successfully encrypted are given the .Cheers extension.


Once the encryption is completed, the ransomware displays statistics of what it's done, from the number of encrypted files and that of files it didn't encrypt to the amount of the encrypted data.

The Cheerscrypt executable file includes the public half of a public-private key pair; the malware's masterminds keep hold of the private half to themselves. The program uses the SOSEMANUK stream cipher to encrypt the compromised machine's data.

Organizations need to be proactive when protecting systems against ransomware and other attacks.

Just as attackers do a risk/reward calculation to determine the attack surface of choice, so should defenders do a cost/benefit analysis on mitigation.

For more on Ransomware, and how you can protect yourself, email it.orders@teamsirius.co.uk

Broadband Maintenance

January 2023

Keeping you Connected

VoIPTools

August 2023

Improve performance with Enhanced Features for 3CX.

Sirius about Symmetrical FTTP

July 2023

Stream, browse, surf, talk, teach, and create - with no loss of speed. Our Symmetrical FTTP Services are perfect for companies who need more than standard Broadband.

Ultrafast Broadband

July 2023

Ultrafast Full Fibre broadband, Fibre to the home (FTTH), or Fibre to the Premise (FTTP) creates an unbroken fibre connection all the way from an exchange

SOTAP

August 2023

SOTAP is a new product designed to replace ADSL connections as they become end of life

The FTTP Priority Exchange Programme

April 2023

What is the FTTP Priority Exchange Rollout?

Are you ready to switch on?

May 2023

There are less than 5 months to go until the stop sell - are you prepared?

Reboot vs Reset: What's the Difference?

February 2023

Are reset and reboot the same thing?

Most Hacked Passwords Revealed

March 2023

A sneak peek of some of the most hacked passwords. Is yours on the list?

Ransomware

February 2023

Ransomware is the number one malware threat to businesses around the world. But do you know exactly what it is, and what you can do to help prevent it?

Phishing, Vishing and Smishing

February 2023

Cyber crime can take many forms. We detail some of the common scams and give advice on what you can look out for

Are you too trusting?

February 2023

How online criminals use your trust to scam you

Openreach to Limit PSTN Performance

February 2023

Openreach is planning to trial a set of service management measures to encourage customers to upgrade to digital services

Switch on to the Switch Off

January 2023

As the UK moves away from the copper network, those analogue connections you’re currently using will soon become a thing of the past.

Record Rollout of Faster Internet Connections

December 2022

More than four in ten homes can now access faster internet connections, as the rollout of full-fibre technology continues at record pace.

Christmas Provisioning Freeze 2022

December 2022

Confirmation of dates during which non urgent provisioning will be frozen, to ensure service reliability.

Panasonic Phone Systems Discontinued

December 2022

Panasonic have decided to discontinue their Business Communication range. If you are a Panasonic PBX user, read on to find out what this means for you.

Christmas Office Hours 2022

December 2022

Christmas Opening Hours and How to Obtain Support

3CX Bronze Partner

November 2022

Did you know, that Sirius are a Certified 3CX Partner?

As a Matter of Fax

November 2022

Ofcom proposal to remove fax from the universal service obligation

999 BSL Service

July 2022

The new emergency video relay service, 999 BSL, for the deaf community has been launched

Need Help with your IT?  Check this out ...

June 2022

If you need IT Support, join Team Sirius, and create your own support package at a level that suits you best

How Fast Will my Internet Be?

June 2022

When it comes to Broadband, everyone has the need for speed, but how fast can you expect your Internet to be?

REIN and SHEIN

June 2022

Something interfering with your Broadband service, but you can't put your finger on what? You may be affected by electrical interference, read on to find out more.

Fraud awareness and staying safe online

June 2022

As the number of scam emails, calls and cyber incidents grow, we want to remind you of some of the simple ways that you can help to keep your information safe and protect against fraud.

Cheers ransomware hits VMware ESXi systems

May 2022

Another ransomware strain is targeting VMware ESXi servers

MMS Mobile Malware (Flubot)

May 2022

An overview of the Flubot MMS scam, currently affecting Android devices

Contracts, and Changes to Terms and Conditions

April 2022

Find out where you stand if your provider increases your monthly price beyond what you agreed when you signed up

BT Pause Digital Voice Plans for Consumers

March 2022

BT pause Digital Voice plans for Consumers, while they work on a more resilient rollout - from the BT Newsroom

What is Hosted Voice?

March 2022

The Future of Communications is changing, read more about Hosted Voice, and how it could help you.

The Advantages of VoIP

April 2022

Hosted Voice offers business communications with the latest services and applications - all delivered from the Cloud. Read more about its advantages here.

What is SIP?

November 2021

Everything you need to know about SIP Trunks

Switching Mobile Supplier

April 2022

Want to switch mobile phone provider while keeping your number? With the new text-to-switch service, it only takes one text message.

How to Boost Mobile Signal

April 2022

Poor phone signal? Here are three things you can try to solve the problem.

Call Cost Guide

March 2022

Indicative Pricing for Outbound Calling - A handy guide of common dial codes and associated call costs

SIP ALG

February 2022

What is SIP ALG, and why should be disabled on most routers ?

The Great British Switch Off: Time to think about your options

March 2022

By December 2025 the copper network will cease to exist, and everyone using copper based voice or broadband services will need to move. But what are your options?

Fibre Optic Broadband: Getting Connected

January 2022

Fibre Optic Broadband: Getting Connected

Christmas Office Hours 2021

December 2021

Team Sirius' Christmas Opening Hours and How to Get Support

The Semiconductor Shortage

November 2021

The rundown on the Microchip Shortage, and why it hasn't been fixed yet

Last Order Dates 2021

December 2021

A rundown of the last dates for placing orders in 2021

Christmas Provisioning Freeze 2021

December 2021

Confirmation of dates during which non urgent provisioning will be frozen, to ensure service reliability

Remote IT Support

October 2021

The Benefits of Remote IT Support, from Sirius

Scam Calls & Texts

October 2021

Almost 45 million people were targeted by scam calls and texts this summer, read on, to find out how you can report such scams

What is the Great British Switch Off?

October 2021

What is the Great British Switch off? and how can you make sure you're ready?

General Terms & Conditions of Service

October 2020

General Terms and Conditions for the Provision & Use of Services

Average UK Broadband Speeds Increase

September 2021

Average UK broadband speeds increase, as companies roll out faster networks

REvil Hacking Attacks

September 2021

Criminal hacking organisation planning attacks on VoIP companies in the UK

Summer 2021 Update – Mobile

September 2021

2021 has seen a lot of change within the Mobile industry, so as we come out of summer, we thought it would be useful provide an overview on changes which have been made, and changes which are to come

Summer 2021 Update – WLR3 Withdrawal

August 2021

Openreach's WLR withdrawal plan is beginning to pick up pace, and the stop sell is in full effect ....

Service Maintenance

August 2021

Our service maintenance structure for Broadband and Telephone Lines has various levels, allowing you to select the cover that best suits your business’ needs.

WiFi Calling Supported Devices (Vodafone)

January 2021

Additional supported devices on the Vodafone network

Switching Made Easy

August 2021

Insurances, Mortgages, Gas and Electric … we all know that switching supplier can bring great reward, but when it comes to Telecoms, there still seems to be an air of uncertainty. Read our blog, to set your mind at ease and dispel common misconceptions.

NQA Certification - ISO 9001:2015

July 2021

Sirius gain ISO certification for a second year running

What is SOGEA?

July 2021

SOGEA is the next great shake up in Broadband. But what does it stand for, and what does it do? Read our blog to find out.

Broadband Speed

June 2021

Slow broadband can make working, browsing or streaming a painful experience, so when it comes to The Internet everyone has the need for speed !

UK Broadband Speeds on the Rise

May 2021

Average download speeds increased by a quarter last year!

Ransomware - What is it and how can you help prevent it?

April 2021

Ransomware is the number one malware threat to businesses around the world. But do you know exactly what it is, and what you can do to help prevent it? Read our blog to find out more.

UK Internet usage doubles in 2020!

January 2021

Is there any surprise that with the pandemic usage was so high? How much do you think your internet usage changed during 2020?

What is VoIP?

November 2020

What is VoIP? And why do you need it? Our handy and quick guide will explain it!

Local company to share profits as donations with Grace House

September 2020

Washington based Sirius Telecom are partnering with GraceHouse and introducing a new referral offer that will benefit the lives of children and young people using the charity.

Sirius unite with Bastion IT to complete service offering

October 2020

Washington based Sirius Telecom are delighted to announce their merger with local IT professional services company Bastion IT.

Sirius Telecom Ltd, 2 Harvey Close
Crowther Ind Est, Washington NE38 0AB

0191 419 8181
info@teamsirius.co.uk

Terms and ConditionsPrivacy PolicyCode of PracticeComplaints
Terms and Conditions
© Sirius Telecom 2021