The ransomware compromises ESXi servers and creates .args files


New ESXiArgs ransomware attacks ESXi servers.

The systems currently targeted are ESXi hypervisors in version 6.x and prior to 6.7. The ransomware encrypts .vmxf, .vmx, .vmdk, .vmsd, and .nvram files and creates files with the .args extension on compromised ESXi servers.

Victims also get ransom notes named “ransom.html” and “How to Restore Your Files.html” on locked systems.

 

more in detail 
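
The indicators named in the ESXiArgs post above (files with the .args extension and the two ransom-note names) can be swept for from the ESXi shell. This is an added example, not code from the original post; the default root /vmfs/volumes and the function names are assumptions.

```shell
#!/bin/sh
# Added example: sweep a directory tree for the ESXiArgs artifacts listed above.
# Assumption: datastores are mounted under /vmfs/volumes (ESXi default);
# pass another root as the first argument to override it.

# List every file matching the indicators the post describes:
# *.args files and the two ransom-note file names.
esxiargs_artifacts() {
    find "${1:-/vmfs/volumes}" -type f \( \
        -name '*.args' -o \
        -name 'ransom.html' -o \
        -name 'How to Restore Your Files.html' \) 2>/dev/null
}

# Reduce the hits to the directories that contain them, one per line,
# so each affected VM folder is reported once during triage.
esxiargs_affected_dirs() {
    esxiargs_artifacts "$1" | while IFS= read -r path; do
        dirname "$path"
    done | sort -u
}

# Print a summary. Returns 0 when the tree is clean and 1 when any
# artifact is present, so the result can drive a monitoring check.
esxiargs_scan() {
    hits=$(esxiargs_artifacts "$1" | wc -l | tr -d ' ')
    if [ "$hits" -eq 0 ]; then
        echo "no ESXiArgs artifacts under ${1:-/vmfs/volumes}"
        return 0
    fi
    echo "$hits artifact(s) found in:"
    esxiargs_affected_dirs "$1"
    return 1
}

# Usage: esxiargs_scan              (scans /vmfs/volumes)
#        esxiargs_scan /some/path   (scans another root)
```

A hit is a reason to isolate the host and investigate, not proof of encryption on its own: any unrelated file that happens to end in .args also matches.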

Download custom VMware ESXi for Lenovo Servers


Updating firmware & device drivers

  1. Go to Lenovo Support Portal.
  2. Under Select a Product Family click on Data Center then select Servers.
  3. In the Select Series drop down box select ThinkSystem.
  4. In the Select Subseries drop down box select the model of your server.
  5. In the Select Machine Type drop down box select the machine type of your server.
  6. On the next page select Drivers & Software from the blue banner.
  7. In the Operating System drop down box select VMWare ESXi 6.7.
  8. This will display a list of the most recent firmware and device drivers for your system.
  9. Follow the Readme.txt file in each download package for installation instructions.

 


How to Restart Management agents in ESXi Using ESXi Shell or Secure Shell (SSH)


  1. Log in to ESXi Shell or SSH as root. For enabling ESXi Shell or SSH, see Using ESXi Shell in ESXi 5.x and 6.x.

Restart the ESXi host daemon and vCenter Agent services using these commands:

/etc/init.d/hostd restart

/etc/init.d/vpxa restart

or

  • To reset the management network on a specific VMkernel interface, by default vmk0, run the command:

    esxcli network ip interface set -e false -i vmk0; esxcli network ip interface set -e true -i vmk0

    Note: Using a semicolon (;) between the two commands ensures the VMkernel interface is disabled and then re-enabled in succession. If the management interface is not running on vmk0, change the above command according to the VMkernel interface used.

  • To restart all management agents on the host, run the command:

    services.sh restart

How to restart a VMware ESXi network adapter


Log in to VMware ESXi through SSH.

Check the network interfaces with the following command:

# esxcli network nic list

To bring your interface down (replace X with your NIC number):

# esxcli network nic down -n vmnicX

To bring the interface up:

# esxcli network nic up -n vmnicX

How to install VMware tools in Linux Virtual Machine


  1. Make sure the Linux virtual machine is powered on.
  2. Click VM in the virtual machine menu, then click Guest > Install/Upgrade VMware Tools.
  3. Click OK. Note: In some cases, verify that the CDROM device is Connected from within the Edit Settings option of the virtual machine.
  4. To create a mount point, run: mkdir /mnt/cdrom
  5. To mount the CDROM, run: mount /dev/cdrom /mnt/cdrom

Continue reading How to install VMware tools in Linux Virtual Machine

VMware OS Optimization Tool


The VMware OS Optimization Tool helps optimize Windows 7/8/2008/2012/10 systems for use with VMware Horizon View. The optimization tool includes customizable templates to enable or disable Windows system services and features, per VMware recommendations and best practices, across multiple systems. Since most Windows system services are enabled by default, the optimization tool can be used to easily disable unnecessary services and features to improve performance.

You can perform the following actions using the VMware OS Optimization Tool:

  • Local Analyze/Optimize
  • Remote Analyze
  • Optimization History and Rollback
  • Managing Templates

Download latest VMware OS Optimization Tool

How to configure crontab in ESXi to schedule a job every 5 min


To schedule a command or script every 5 min in ESXi, we need to edit the following file:

/var/spool/cron/crontabs/root

vi /var/spool/cron/crontabs/root

#min hour day mon dow command
1    1    *   *   *   /sbin/tmpwatch.py
1    *    *   *   *   /sbin/auto-backup.sh
0    *    *   *   *   /usr/lib/vmware/vmksummary/log-heartbeat.py
*/5  *    *   *   *   /sbin/hostd-probe ++group=host/vim/vmvisor/hostd-probe
00   1    *   *   *   localcli storage core device purge
*/2 * * * * /usr/lib/vmware/vsan/bin/vsanObserver.sh

Continue reading How to configure crontab in ESXi to schedule a job every 5 min