An adversary renames the current motd file on an ESXi host and copies a custom version to its location. The custom file usually contains the ransom notification.
Privileges required
Administrator
Operating systems
ESXi
ATT&CK® technique
T1491
Tags
E-Crime: Nevada
Nevada Ransomware operates via an affiliate program and has been reported to have carried out a campaign targeting any ESXi machine that is exposed to the internet.
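The rename-then-copy sequence described at the top of this entry can be hunted for in the host's shell command log. The following detection sketch is an added example, not part of the original entry. It assumes the motd file is at `/etc/motd` and that commands are logged as `<timestamp>Z shell[pid]: [user]: command` (the ESXi `shell.log` layout); the sample lines are constructed.

```python
import re
import shlex
from datetime import datetime, timedelta

MOTD = "/etc/motd"               # assumption: default motd path on the host
WINDOW = timedelta(minutes=10)   # assumption: max gap between rename and copy
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)Z shell\[\d+\]: "
    r"\[(?P<user>[^\]]+)\]: (?P<cmd>.+)$")

def parse(line):
    """Split one log line into (timestamp, user, argv); None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        argv = shlex.split(m["cmd"])
    except ValueError:           # unbalanced quotes in the logged command
        return None
    return datetime.fromisoformat(m["ts"]), m["user"], argv

def find_motd_replacement(lines):
    """Return (rename_time, write_time, user) for each motd rename that is
    followed within WINDOW by a cp/mv whose destination is the motd path."""
    hits, renamed_at = [], None
    for line in lines:
        rec = parse(line)
        if rec is None or not rec[2]:
            continue
        ts, user, argv = rec
        tool = argv[0].rsplit("/", 1)[-1]                   # /bin/mv -> mv
        args = [a for a in argv[1:] if not a.startswith("-")]
        if tool == "mv" and len(args) >= 2 and args[0] == MOTD:
            renamed_at = ts                                 # original moved aside
        elif tool in ("cp", "mv") and len(args) >= 2 and args[-1] == MOTD:
            if renamed_at is not None and ts - renamed_at <= WINDOW:
                hits.append((renamed_at, ts, user))
            renamed_at = None
    return hits

# Constructed sample lines, not taken from a real host.
SAMPLE = [
    "2023-02-03T10:15:01Z shell[2100345]: [root]: ls /etc",
    "2023-02-03T10:15:20Z shell[2100345]: [root]: mv /etc/motd /etc/motd.bak",
    "2023-02-03T10:15:22Z shell[2100345]: [root]: cp /tmp/custom.txt /etc/motd",
    "2023-02-04T08:00:00Z shell[2100999]: [root]: cp /tmp/banner /etc/motd",
]

if __name__ == "__main__":
    for renamed, written, user in find_motd_replacement(SAMPLE):
        print(f"motd replaced by {user}: renamed {renamed}, overwritten {written}")
```

A lone copy onto the motd path (the last sample line) is not reported, since only the rename-then-copy pair matches the behaviour this entry describes.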