Among the thousands of ESXiArgs ransomware victims? FBI and CISA to the rescue
The US Cybersecurity and Infrastructure Security Agency has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak.
In addition to the script, CISA and the FBI today published ESXiArgs ransomware virtual machine recovery guidance on how to recover systems as soon as possible.
Last Friday, France's and Italy's cybersecurity agencies sounded the alarm on the ransomware campaign that exploits CVE-2021-21974, a bug rated 9.1/10 that was disclosed and patched two years ago.
The bad news: the ransomware infects ESXi, VMware's bare-metal hypervisor, which is a potential goldmine for attackers.
Further analysis suggests the ransomware is likely based on Babuk source code.
Babuk's source code was leaked in 2021 and has since been used in other ESXi ransomware attacks, such as CheersCrypt and PrideLocker.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/08/esxiargs_ransomware_recovery_script/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2021-02-24 | CVE-2021-21974 | Out-of-bounds write (heap overflow) in OpenSLP as used in VMware ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) and VMware Cloud Foundation | 8.8