VMware is among the leading platforms in the virtualization industry. Virtualization software helps organizations utilize the computing resources of their hardware more efficiently. The implementation and management of VMware ESXi environments is relatively simple and straightforward. When running on suitable hardware and properly configured, VMware ESXi infrastructures can enable the high performance, availability, and continuity of business services.
The importance of VMware ESXi hosts and data for an organization is hard to overestimate. VMware ESXi environments are critical for the operation of organizations, as the hypervisor is the solution enabling the entire infrastructure to work. Therefore, a VMware ESXi host requires a high level of infrastructure and data protection. Every vulnerability in the host’s protection can be exploited by hackers through different types of malware, such as ransomware.
What’s up with VMware ransomware?
Nearly 40% of organizations worldwide stated that they had been attacked by ransomware in 2021. As VMware is the most popular solution on the virtualization market, ESXi hosts are obviously frequent targets for hackers. With ransomware becoming more sophisticated every day and hackers coming up with new approaches to infiltrating ransomware into corporate systems, the thorough protection of VMware ESXi hosts is a vital necessity for companies that rely on VMware environments to provision the availability of services.
The crux of the matter is that a VMware ESXi host is a single point of access to the entire set of VMs that the host runs. This makes a host a single point of failure in case hackers compromise it. And hackers know that. Breaking into the host may require more effort from the hackers, but once they are in, they will have open access to the infrastructure running on that host, setting them free of the need to break through every VM’s protection separately.
How to enhance VMware ESXi protection against ransomware directly?
One typical question for new users is: is VMware safe? The short answer has always been: every case is special. However, there are universal ways to strengthen the protection of VMware ESXi hosts against ransomware directly by applying particular approaches and solutions.
Both default IT safety rules and hardware protection measures can add reliable security layers that would be enough to make it a challenge for hackers to infiltrate ransomware into your systems. All you need to do is to enable appropriate settings and to keep up with commonly accepted IT security principles.
Secure VMware ESXi installation & boot
Installing VMware ESXi in high security mode is the foundation for the safety of your host and VMs. With security settings enabled, no sensitive data will be sent in clear text, and VMware encryption is applied to all outgoing and incoming traffic.
Also, consider using the security enhancements found on TPM 2.0 hardware chips. Those chips are available with the majority of contemporary physical server hardware. A TPM 2.0 chip enables the VMware ESXi operating system to securely store sensitive data such as keys, measurements, or secrets. With vSphere 7.0 U2 and newer versions, TPM 2.0 chips can also be used to encrypt the configuration and enhance the protection of some settings.
The last, but not least important, step here is to enable the Secure Boot feature. It is a security enhancement available in the UEFI BIOS settings. This feature ensures that the code loaded at boot has the appropriate digital signatures and isn’t modified or compromised in any way. While some operating systems require a complete reinstallation to switch on Secure Boot, you don’t need to reinstall the VMware ESXi host for that purpose. With ESXi, Secure Boot can be enabled and run properly without a complete system reconfiguration.
Reliable passwords
This point may seem obvious and obligatory: your passwords have to be reliable. Nevertheless, many organizations simply don’t come up with VMware ESXi host passwords that are strong enough. Of course, any password can be broken. Any lock can be opened without a key, but you still want to have a heavy and durable lock on your front door, don’t you?
Passwords like “admin” and “qwerty12345” don’t cut it when it comes to corporate data protection and VMware security. Don’t be too lazy to come up with a password that would take hackers some time to break. Use password generators to get complicated passwords with 16 or more characters for the host and VMs. And, of course, avoid storing all your passwords in a notepad file on your server OS’s desktop, in a Google table or doc, etc.
Restricted access to VMware console
Make sure your admins are the only people allowed to access and manage the console of your VMware ESXi VMs. Restrict access for users strictly through role-based access models for guest OSs and always keep in mind the principle of least privilege: if user access to something in the system can be prohibited without a negative impact on the user’s ability to do their job, then it should be prohibited.
Prepared employees
To protect VMware ESXi hosts from ransomware, you need to educate your employees. People working for your company need to know what threats they can expect while they’re doing their job, what negative consequences those threats can provoke, and how to predict and avoid those consequences.
Simply put, let employees know that every email link they see can be a source of potential ransomware threat, and teach them to double-check every object such as an email, website link, or file before opening or launching it. When your workers are aware of how ransomware can infiltrate the VMware infrastructure to reach the ESXi host, and when they remain cautious, the chance of ransomware successfully infiltrating your environment and encrypting your company’s data significantly decreases.
Indirect protection: Back up your VMware ESXi host
Although keeping up with commonly accepted IT rules and using hardware solutions significantly enhances the host’s safety, none of those can guarantee absolute protection against ransomware. Attackers are always one step ahead, so you can only react to their past moves when trying to secure your company’s data and maintain production continuity with direct protection methods.
The alternative way to protect VMware ESXi hosts is to change the battlefield and rules entirely. The most reliable approach to keep corporate data safe from ransomware isn’t new at all. The approach is to do backups.
The backup approach has been known for a long time already. However, many organizations still don’t have a single backup of the data they created, even though recovery from backups can be much easier, faster, and more cost-efficient than trying to restore data from ransomware-encrypted disks. The recovery is more certain, too. Data decryption with the help of third parties never guarantees the successful restoration of your encrypted data. Neither does paying the ransom to the hackers.
Find your software solution for VMware backup
To enhance the protection of your VMware ESXi hosts and data against ransomware, a modern software backup solution is required. With up-to-date software, you will be able to administer all your backup and recovery activities for multiple hosts and different environments from a single pane of glass. Streamlining your data protection administration is a solid way to save time, effort and money.
Automate VMware backup and recovery workflows
The quantity of VMware ESXi hosts and VMs in a particular organization’s IT infrastructure can reach hundreds or even thousands of workloads. You can’t back up all of those VMs efficiently if your backup administration approach relies on manual operations. Automating backup workflows is your best option.
A contemporary backup solution can automatically back up VMware ESXi VMs and hosts based on the preset policies and schedules you set up. Streamline the administration of backup workflows: create the required policies according to your recovery time objectives (RTO) and recovery point objectives (RPO) at once, and know that all your critical data is backed up for sure.
Tier backup data
Backup data tiering is another way to enhance the protection of your VMware ESXi data against ransomware. Eliminate a single point of failure by sending copies of your backups to offsite storage, such as USB flash drives, external SSDs or hard drives, NAS appliances, or public clouds (Amazon S3, Microsoft Azure, or Wasabi).
The industry-accepted data backup standard is called the 3-2-1 rule. According to that rule, you need to store at least three copies of your data on two different storage media with one copy kept offsite. In that way, you always have backups to use for recovery if the main VMware ESXi host is down due to a ransomware attack.
Finally, consider sending one backup copy to tape. Tape is a ransomware-resilient medium by design. Tape storage suits long-term data archival purposes perfectly, and tape backups can be used for recovery when all digital storage has been compromised by hackers and encrypted by ransomware.
Enable immutability
Up-to-date backup and recovery solutions for VMware ESXi hosts enable you to set immutability periods for backups stored in a Linux-based repository, NAS appliance, or Amazon S3 cloud (via S3 Object Lock). Immutable backups are protected from any change or deletion throughout the entire immutability period. Therefore, ransomware cannot introduce changes to backups and encrypt them even if your storage is within ransomware’s reach.
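The 3-2-1 rule and the immutability period described above can be checked together against a backup inventory. The following is an added example, not code from the original article or from any backup product; the `BackupCopy` fields, the 14-day window, and the sample inventories are assumptions constructed for illustration, and the production datastore is counted as one of the three copies.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

@dataclass
class BackupCopy:                           # hypothetical inventory record
    name: str
    media: str                              # e.g. "datastore", "nas", "s3", "tape"
    offsite: bool
    immutable_until: Optional[date] = None  # None: copy can be changed or deleted

def audit_backup_plan(copies: List[BackupCopy], today: date,
                      window_days: int = 14) -> List[str]:
    """Return findings; an empty list means 3-2-1 and immutability are met."""
    findings = []
    if len(copies) < 3:
        findings.append(f"copies: {len(copies)} found, 3-2-1 needs at least 3")
    media = sorted({c.media for c in copies})
    if len(media) < 2:
        findings.append(f"media: only {', '.join(media) or 'none'}, 3-2-1 needs 2 types")
    if not any(c.offsite for c in copies):
        findings.append("offsite: no copy is kept offsite")
    # A lock that expires before an attack is noticed protects nothing,
    # so require at least one copy locked through today + window_days.
    horizon = today + timedelta(days=window_days)
    if not any(c.immutable_until and c.immutable_until >= horizon for c in copies):
        findings.append(f"immutability: no copy stays locked through {horizon.isoformat()}")
    return findings

# Constructed sample inventories (not real systems).
TODAY = date(2024, 2, 1)
WEAK = [
    BackupCopy("esxi01 datastore", "datastore", offsite=False),
    BackupCopy("nas backup", "nas", offsite=False),
]
STRONG = WEAK + [
    BackupCopy("s3 object-lock bucket", "s3", offsite=True,
               immutable_until=date(2024, 4, 1)),
]
EXPIRING = WEAK + [
    BackupCopy("s3 object-lock bucket", "s3", offsite=True,
               immutable_until=date(2024, 2, 5)),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK), ("strong", STRONG), ("expiring", EXPIRING)):
        print(label, audit_backup_plan(plan, TODAY) or "OK")
```

The `EXPIRING` inventory satisfies 3-2-1 but still fails, because its only immutable copy unlocks four days after the audit date.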
Use backups for recovery
With relevant backups at hand, you can be ready for a ransomware attack on your VMware ESXi host whenever it occurs. In case all protection measures fail and an attack successfully blocks your host, simply use backups to restore business data and maintain production continuity. Advanced backup software solutions can run preset recovery sequences automatically after you initiate them with a few clicks.
To conclude
Nowadays, no business can prevent ransomware from attacking the corporate IT infrastructure entirely. And it is highly likely that repeated ransomware attacks will eventually successfully break through all the relevant security levels, encrypt sensitive business data and cause production downtime. When the barriers have fallen, backups provide the fastest, most complete, and cheapest way out of a ransomware situation.
With a contemporary versatile software solution, you can enhance the protection of your VMware ESXi host and VMs, along with other physical, cloud, and SaaS workloads. Use the solution’s functionality to automate data backup and recovery workflows, diversify backup storage, and enable immutability to prevent ransomware from encrypting backups. Finally, use data backups to quickly recover after a ransomware attack and ensure the minimum loss of data.

