Jackpot! Three Years Of ESXi Ransomware Incidents
SANS Ransomware Summit 2023
Speaker: Josef Williamson, Senior Threat Intelligence Analyst, CrowdStrike
Nearly three years since ransomware actors were first observed targeting virtualization infrastructure in August 2020, ‘hypervisor jackpotting’ has emerged as a key tactic in Big Game Hunting (BGH) campaigns. More than half of ransomware incidents observed by CrowdStrike Intelligence since the start of 2022 have featured ESXi encryption. This presentation will provide consolidated insights from dozens of incidents into the Tactics, Techniques, and Procedures (TTPs) leveraged by ransomware adversaries to target ESXi hypervisors. The presentation will begin with a short recap of VMware virtualization infrastructure, then provide statistics and trends observed across relevant ransomware activity over the last three years, before taking a detailed look at what attackers are doing on ESXi servers. TTPs will be mapped to the MITRE ATT&CK framework, highlighting which tactics provide the best opportunities for detection and the techniques most commonly used to achieve them.