blog posts

ESXiArgs

ESXiArgs ransomware security bug and solutions to fix it

According to the observations and the obtained news, many servers with Esxi virtualizer are now at risk of ESXiArgs ransomware.

This risk exists in all versions 5 and 6. The reason for this security bug is a service called OpenSSL. In the first step, please close the unnecessary ports as soon as possible, limit the main ports to one IP, change all your server’s access information, and back up all the VMs.

The definitive solution to this problem is to install ESXiArgs virtualizer security patches.

To install the ESXI security patch, proceed as follows.

1- Checking the serve@r version to download the required version:

  • vmware -v

2 – Temporary SSH activation:

  • host > configuration > security profile > services > properties > SSH
  • Or, in the new version, enable TSM-SSH in ADS (instead of IP, enter the IP of the server):
  • https://YOUR-IP/ui/#/host/manage/services

3- Login to SSH and enter the following commands:

  • cd /vmfs/volumes/datastore1/

4- According to the installed version, download one of the links:

  • wget https://dl.ded9.com/ISO/ESXi/Patch/ESXi670-202210001.zip
  • wget https://dl.ded9.com/ISO/ESXi/Patch/ESXi650-202210001.zip
  • wget https://dl.ded9.com/ISO/ESXi/Patch/ESXi600-202002001.zip

5- Then install the same downloaded version with the following command:

  • esxcli software vib update -d /vmfs/volumes/datastore1/ESXi670-202210001.zip
  • esxcli software vib update -d /vmfs/volumes/datastore1/ESXi650-202210001.zip
  • esxcli software vib update -d/vmfs/volumes/datastore1/ESXi600-202002001.zip

6- If a successful message is seen in the update, we will reboot the server.

7- After the server is up, you may not have access to SSH, to check the installed version through the web panel, you can check the installed version or activate SSH again according to step 2 and enter the command to check the version entered in step 1 We have to type again to know the correctness of the update