Piratage de serveurs sous VMware ESX


« Hello everyone,

I just want to tell you that your server was hacked. Your protection was completely awful…
While the entrance, we downloaded the virtual machines and deleted them.
(We had to download for many hours -.- Compressed files but huge ones…)
Do not try to search in your logfiles. We deleted the important parts.
If you want to get the backup of your VMs, you should send us an amount of 2.5 BTC (Bitcoin)
for each VM to the address « 1B45kTfXKjT7eU3xnaH1LvJ8wnM5wbNwL1″. After the payment, we will contact you via mail.
Then, we will send you a HDD where the VMs are stored. If you want, we can give you access to our FTP where you can
download them. (Because FTP is faster, remember the shipping time of the HDD after payment)

Please notice, that we will sell the VMs to others if we will not receive these Bitcoins from you. Do not worry,
you have 2 weeks for these payment. After 2 weeks without payment, we will break the VM and sell
all data to our customers (other hackers, spammers, scammers, …)
(FYI: Some of them may use the data of your customers/employees/… to blackmail them for money. No nice guys, but they pay for that data)

Do not worry: If we receive the BTC, we will send you the backup (or give you full access to FTP) and delete all data here.
(If you want FTP, you can do it for your own) We are hackers, but we want to play fair. If you pay, your data will be secure.
There a short overview about where to buy BTC:
– www.litebit.eu
– www.anycoindirect.eu
– www.happycoins.com
– www.bitcoin.de
– www.btcdirect.eu
– www.clevercoin.com
– www.bitstamp.net

We wish you a nice week
Kind regards

– Russian guardians

Please think about our offer, your data and your computers…  »

C’est le message que quelques personnes (au moins des centaines je pense) ont pu découvrir ou découvriront en se baladant dans les datastores de leurs serveurs ESX/ESXi exposés à Internet… dans le beau dossier « HACKED ».

Pourquoi et comment? Il semble que des pirates scannent et attaquent les serveurs ESX/ESXi vulnérables à Heartbleed.. Exemple d’utilisateur piraté ici.

Les petits salauds s’amusent ensuite à effacer ou abimer les datastores pour rendre les VMs inutilisables.. très sympa n’est-ce pas.

La solution c’est de patcher votre serveur en passant sur la dernière version d’ESX 5.5 ou 6.0

Les instructions de VMware sur les démarches à suivre et quel patch appliquer sont ici.

Prudence avec vos machines et ayez une sauvegarde .. ou deux.. ou trois.

Tags: ,