Among the thousands of ESXiArgs ransomware victims? FBI and CISA to the rescue
2023-02-08 21:30

The US Cybersecurity and Infrastructure Security Agency has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak.

In addition to the script, CISA and the FBI today published ESXiArgs ransomware virtual machine recovery guidance describing how to restore affected systems as quickly as possible.

Last Friday, France's and Italy's cybersecurity agencies sounded the alarm on the ransomware campaign, which exploits CVE-2021-21974, a bug rated 9.1/10 that was disclosed and patched two years ago.

The bad news: the ransomware infects ESXi, VMware's bare-metal hypervisor, which is a potential goldmine for attackers because one compromised host can take down every virtual machine running on it.

Further analysis suggests the ransomware is likely based on Babuk source code.

Babuk source code was leaked in 2021 and has since been used in other ESXi ransomware attacks, such as CheersCrypt and PrideLocker.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/08/esxiargs_ransomware_recovery_script/

Related Vulnerability

Date: 2021-02-24
CVE: CVE-2021-21974
Vulnerability title: Out-of-bounds Write vulnerability in VMware Cloud Foundation and ESXi
Description: OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability.
Attack complexity: low
Vendor: vmware
Weakness: CWE-787
Risk: 5.8