CISA releases recovery script for ESXiArgs ransomware victims
The U.S. Cybersecurity and Infrastructure Security Agency has released a script to recover VMware ESXi servers encrypted by the recent widespread ESXiArgs ransomware attacks.
To assist users in recovering their servers, CISA released an ESXiArgs-Recover script on GitHub to automate the recovery process.
"CISA is aware that some organizations have reported success in recovering files without paying ransoms. CISA compiled this tool based on publicly available resources, including a tutorial by Enes Sonmez and Ahmet Aykac," explains CISA. "This tool works by reconstructing virtual machine metadata from virtual disks that were not encrypted by the malware."
CISA urges admins to review the script before using it to understand how it works and avoid possible complications.
While the script should not cause any issues, BleepingComputer strongly advises that backups be created before attempting recovery.
"While CISA works to ensure that scripts like this one are safe and effective, this script is delivered without warranty, either implicit or explicit," warns CISA. "Do not use this script without understanding how it may affect your system. CISA does not assume liability for damage caused by this script."