FortiGuard
Fortinet’s Global Threat Intelligence and Research
mrobson
Staff
Article Id 244929
Description

 

The FortiGuard Incident Response team is ready to assist with the discovery, containment and remediation of intrusions that have originated from exploitation of vulnerable ESXi servers.

There is currently a large-scale global campaign targeting external-facing ESXi servers that appears to culminate in the deployment of ransomware to encrypt hosted VM files.

A quick, measured response can assist in minimizing business impact and improving the chances of restoring encrypted files.

 

Scope

 

FortiGuard.

 

Solution

 

Engaging Response Services:

To engage the IR team directly to assist with an investigation, use the ‘Experienced a breach?’ link available here:

https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/fortiguard-inci...

 

This webpage also has additional information on the IR services provided and how they can help mitigate the risk of intrusions such as this.

 

Engaging Proactive Services:

 

If there is a question of whether systems may be vulnerable to targeting as part of this campaign, or a need to proactively prepare security teams to better handle threats associated with campaigns like this, it is possible to engage our Incident Response Readiness service.

The FortiGuard IR Readiness service can assess the security posture and provide support to patch holes in the defenses, build playbooks to combat emerging threats and war-game the existing processes as part of tabletop activities.

 

Related link:

https://www.fortinet.com/content/dam/fortinet/assets/solution-guides/sb-fortiguard-incident-readines...
