ESXiArgs ransomware security bug and solutions to fix it
According to the observations and the obtained news, many servers with Esxi virtualizer are now at risk of ESXiArgs ransomware.
This risk exists in all versions 5 and 6. The reason for this security bug is a service called OpenSSL.
In the first step, please close the unnecessary ports as soon as possible, limit the main ports to one IP, change all your server’s access information, and back up all the VMs.
The definitive solution to this problem is to install ESXiArgs virtualizer security patches.
To install the ESXI security patch, proceed as follows:
1- Checking the server version to download the required version:
vmware -v
2 – Temporary SSH activation:
host > configuration > security profile > services > properties > SSH
Or in the new version, enable TSM-SSH in ADS (instead of IP, enter the IP of the server):
https://YOUR-IP/ui/#/host/manage/services
3- Login to SSH and enter the following commands:
cd /vmfs/volumes/datastore1/
4- According to the installed version, download one of the links:
wget https://dl.iranserver.com/ISO/ESXi/Patch/ESXi670-202210001.zip
wget https://dl.iranserver.com/ISO/ESXi/Patch/ESXi650-202210001.zip
wget https://dl.iranserver.com/ISO/ESXi/Patch/ESXi600-202002001.zip
5- Then install the same downloaded version with the following command:
esxcli software vib update -d /vmfs/volumes/datastore1/ESXi670-202210001.zip
esxcli software vib update -d /vmfs/volumes/datastore1/ESXi650-202210001.zip
esxcli software vib update -d/vmfs/volumes/datastore1/ESXi600-202002001.zip
6- If a successful message is seen in the update, we will reboot the server.
7- After the server is up, you may not have access to SSH, to check the installed version through the web panel, you can check the installed version or activate SSH again according to step 2 and enter the command to check the version entered in step 1 We have to type again to know the correctness of the update
