<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Nice! No, didn't see this yet. We have a copy of the file systems
though, so hopefully can apply recovery keys there.<br>
<br>
Thanks muchly,<br>
<br>
--Bart<br>
<br>
<br>
<div class="moz-cite-prefix">On 2/8/2023 7:45 AM, Wade W7ITL wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAECVFzbDdXLwV025z_A5cjGeC1YDyYwDa7qnLgsGFxKcM+PxyQ@mail.gmail.com">
<div>
<div dir="auto">Bart,</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">Have you guys tried to get the decryption keys
for ESXiArgs? I work in cyber security and it was announced
that CISA had released the keys to help decrypt folks impacted
by the ransomware attacks.</div>
<div dir="auto"><br>
</div>
<div dir="auto">
<div><a
href="https://www.bleepingcomputer.com/news/security/cisa-releases-recovery-script-for-esxiargs-ransomware-victims/?s=03"
moz-do-not-send="true" class="moz-txt-link-freetext">https://www.bleepingcomputer.com/news/security/cisa-releases-recovery-script-for-esxiargs-ransomware-victims/?s=03</a></div>
<br>
</div>
<div dir="auto">73</div>
</div>
<div>
<div dir="auto"><br>
</div>
<div dir="auto">Wade W7ITL</div>
<div dir="auto"><br>
</div>
<div dir="auto">
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Feb 8, 2023 at
4:09 AM Bart Kus &lt;<a href="mailto:me@bartk.us"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">me@bartk.us</a>&gt; wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">
<div> Your background sounds like you'd make meaningful
contributions, so I'd encourage you to consider
participating in read-write mode, not just read-only.<br>
<br>
We got hit by this a few days ago on several HVs:<br>
<br>
<a
href="https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/</a><br>
<br>
I'll avoid getting into the technical weeds question, to
keep this thread focused on working group formation.<br>
<br>
--Bart<br>
<br>
<div>On 2/8/2023 3:55 AM, Jamie Owens wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">What/when was the most recent breach?
<div dir="auto"><br>
</div>
<div dir="auto">The hypervisors are accessible
publicly? Why no VPN/VPC.</div>
<div dir="auto"><br>
</div>
<div dir="auto">I've been in admin/networking/devops
world since 2000 and currently attending to get my
BS in CIS/Cyber Security... so if nothing more,
I'd like to tag along and learn more from this
real world scenario from I'm sure way more
experienced users.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Feb 8,
2023, 3:34 AM Bart Kus &lt;<a
href="mailto:me@bartk.us" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">me@bartk.us</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">All
of the network's control points are on public
non-firewalled IPs.
This is the worst security. It was done this way
for the sake of
simplicity. Our netops volunteers had to get up
to speed with
unfamiliar concepts like routing, funky netmasks,
dynamic routing
protocols, policy routing, VRRP, firewalls, MTUs,
MSS control, IPsec,
etc. We reaped the rewards of KISS from broader
volunteer engagement,
but lately we've been paying too heavy of a price
for the awful security
this simplicity creates. In the most recent
breach we've lost important
source code that will now need to be re-created.
We escaped total
disaster by the thinnest of margins, as one
critical hypervisor just
happened to be patched to 1 version higher than
exploitable. This
simplicity is not a good tradeoff anymore, so the
time has come to
introduce more complexity to the network to
protect all control points.<br>
<br>
This is not a simple problem, since there are many
fragility vs security
tradeoffs, as well as complexity cost concerns.
If you have experience
or thoughts around this area, and can commit to a
few weeks of design
and implementation work on this project, please
indicate your interest.
We'll assemble a small working group in the next
few days and start
discussions. I expect the working format will
involve some virtual
meetings, since email is not high bandwidth enough
to hash out
everything quickly.<br>
<br>
Here's hoping we don't make it worse,<br>
<br>
--Bart<br>
<br>
_______________________________________________<br>
PSDR mailing list<br>
<a href="mailto:PSDR@hamwan.org" rel="noreferrer"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">PSDR@hamwan.org</a><br>
<a
href="http://mail.hamwan.net/mailman/listinfo/psdr"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">http://mail.hamwan.net/mailman/listinfo/psdr</a><br>
</blockquote>
</div>
<br>
</blockquote>
<br>
</div>
</blockquote>
</div>
</div>
</div>
<br>
</blockquote>
<br>
</body>
</html>