{"id":12307,"date":"2024-08-01T04:00:31","date_gmt":"2024-08-01T04:00:31","guid":{"rendered":"https:\/\/sekuritasit.com\/?p=12307"},"modified":"2024-08-01T04:00:31","modified_gmt":"2024-08-01T04:00:31","slug":"vmware-esxi-ransomware-attack-cve-2024-37085","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/","title":{"rendered":"VMware ESXi Ransomware Attack (CVE-2024-37085)"},"content":{"rendered":"<p>What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According to the blog, Akira and Black Basta ransomware deployments were found on the impacted servers. The vulnerability has also been added to CISA\u2019s Known Exploited Catalog (KEV) list on July 31, 2024.What is the recommended Mitigation?Please go through the vendor provided update to address the security vulnerability. Support Content Notification &#8211; Support Portal &#8211; Broadcom support portalWhat FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by the vendor immediately to secure their systems.FortiGuard Intrusion Prevention Service (IPS) protection is currently being investigated to defend against exploitation of CVE-2024-37085.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.To learn more about the Akira and BlackBasta Ransomware, read the Outbreak Reports posted by FortiGuard Labs. Black Basta Ransomware | Outbreak Alert | FortiGuard LabsAkira Ransomware | Outbreak Alert | FortiGuard Labs<a href=\"https:\/\/fortiguard.fortinet.com\/threat-signal-report\/5498\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12307","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sekuritas IT \u203a Creative solutions to unique challenges.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"VMware ESXi Ransomware Attack (CVE-2024-37085) \u203a Sekuritas IT\" \/>\n\t\t<meta property=\"og:description\" content=\"What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2024-08-01T04:00:31+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2024-08-01T04:00:31+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100086973577423\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"VMware ESXi Ransomware Attack (CVE-2024-37085) \u203a Sekuritas IT\" \/>\n\t\t<meta name=\"twitter:description\" content=\"What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/08\\\/01\\\/vmware-esxi-ransomware-attack-cve-2024-37085\\\/#blogposting\",\"name\":\"VMware ESXi Ransomware Attack (CVE-2024-37085) \\u203a Sekuritas IT\",\"headline\":\"VMware ESXi Ransomware Attack (CVE-2024-37085)\",\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"},\"datePublished\":\"2024-08-01T04:00:31+00:00\",\"dateModified\":\"2024-08-01T04:00:31+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/08\\\/01\\\/vmware-esxi-ransomware-attack-cve-2024-37085\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/08\\\/01\\\/vmware-esxi-ransomware-attack-cve-2024-37085\\\/#webpage\"},\"articleSection\":\"Uncategorized\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/08\\\/01\\\/vmware-esxi-ransomware-attack-cve-2024-37085\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sekuritasit.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"position\":2,\"name\":\"Uncategorized\",\"item\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/08\\\/01\\\/vmware-esxi-ransomware-attack-cve-2024-37085\\\/#listItem\",\"name\":\"VMware ESXi Ransomware Attack (CVE-2024-37085)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/08\\\/01\\\/vmware-esxi-ransomware-attack-cve-2024-37085\\\/#listItem\",\"position\":3,\"name\":\"VMware ESXi Ransomware Attack (CVE-2024-37085)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\",\"name\":\"Sekuritas IT\",\"description\":\"Creative solutions to unique challenges.\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100086973577423\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/08\\\/01\\\/vmware-esxi-ransomware-attack-cve-2024-37085\\\/#webpage\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/08\\\/01\\\/vmware-esxi-ransomware-attack-cve-2024-37085\\\/\",\"name\":\"VMware ESXi Ransomware Attack (CVE-2024-37085) \\u203a Sekuritas IT\",\"description\":\"What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/08\\\/01\\\/vmware-esxi-ransomware-attack-cve-2024-37085\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"datePublished\":\"2024-08-01T04:00:31+00:00\",\"dateModified\":\"2024-08-01T04:00:31+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"name\":\"Sekuritas IT\",\"alternateName\":\"Sekuritas\",\"description\":\"Creative solutions to unique challenges.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"VMware ESXi Ransomware Attack (CVE-2024-37085) \u203a Sekuritas IT","description":"What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According","canonical_url":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/#blogposting","name":"VMware ESXi Ransomware Attack (CVE-2024-37085) \u203a Sekuritas IT","headline":"VMware ESXi Ransomware Attack (CVE-2024-37085)","author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"},"datePublished":"2024-08-01T04:00:31+00:00","dateModified":"2024-08-01T04:00:31+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/#webpage"},"isPartOf":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/#webpage"},"articleSection":"Uncategorized"},{"@type":"BreadcrumbList","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","position":1,"name":"Home","item":"https:\/\/sekuritasit.com","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","position":2,"name":"Uncategorized","item":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/#listItem","name":"VMware ESXi Ransomware Attack (CVE-2024-37085)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/#listItem","position":3,"name":"VMware ESXi Ransomware Attack (CVE-2024-37085)","previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}}]},{"@type":"Organization","@id":"https:\/\/sekuritasit.com\/#organization","name":"Sekuritas IT","description":"Creative solutions to unique challenges.","url":"https:\/\/sekuritasit.com\/","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100086973577423"]},{"@type":"WebPage","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/#webpage","url":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/","name":"VMware ESXi Ransomware Attack (CVE-2024-37085) \u203a Sekuritas IT","description":"What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sekuritasit.com\/#website"},"breadcrumb":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/#breadcrumblist"},"author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"creator":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"datePublished":"2024-08-01T04:00:31+00:00","dateModified":"2024-08-01T04:00:31+00:00"},{"@type":"WebSite","@id":"https:\/\/sekuritasit.com\/#website","url":"https:\/\/sekuritasit.com\/","name":"Sekuritas IT","alternateName":"Sekuritas","description":"Creative solutions to unique challenges.","inLanguage":"en-US","publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sekuritas IT \u203a Creative solutions to unique challenges.","og:type":"article","og:title":"VMware ESXi Ransomware Attack (CVE-2024-37085) \u203a Sekuritas IT","og:description":"What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According","og:url":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/","article:published_time":"2024-08-01T04:00:31+00:00","article:modified_time":"2024-08-01T04:00:31+00:00","article:publisher":"https:\/\/www.facebook.com\/profile.php?id=100086973577423","twitter:card":"summary_large_image","twitter:title":"VMware ESXi Ransomware Attack (CVE-2024-37085) \u203a Sekuritas IT","twitter:description":"What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According"},"aioseo_meta_data":{"post_id":"12307","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2024-08-01 04:07:22","updated":"2025-10-15 10:54:31","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/\" title=\"Uncategorized\">Uncategorized<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tVMware ESXi Ransomware Attack (CVE-2024-37085)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sekuritasit.com"},{"label":"Uncategorized","link":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/"},{"label":"VMware ESXi Ransomware Attack (CVE-2024-37085)","link":"https:\/\/sekuritasit.com\/index.php\/2024\/08\/01\/vmware-esxi-ransomware-attack-cve-2024-37085\/"}],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/12307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=12307"}],"version-history":[{"count":1,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/12307\/revisions"}],"predecessor-version":[{"id":12308,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/12307\/revisions\/12308"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=12307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=12307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=12307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}