New ESXiArgs ransomware version prevents VMware ESXi recovery
2023-02-09 03:45

New ESXiArgs ransomware attacks are now encrypting more extensive amounts of data, making it much harder, if not impossible, to recover encrypted VMware ESXi virtual machines.

Last Friday, a massive and widespread automated ransomware attack encrypted over 3,000 Internet-exposed VMware ESXi servers using a new ESXiArgs ransomware.

A second ESXiArgs ransomware wave started today and includes a modified encryption routine that encrypts far more data in large files.

BleepingComputer first learned of the second wave after an admin posted in the ESXiArgs support topic stating that their server was encrypted and could not be recovered using the methods that had worked previously.

Ransomware expert Michael Gillespie told BleepingComputer that this change causes the encryptor to alternate between encrypting 1 MB of data and skipping 1 MB of data.

BleepingComputer still recommends attempting to recover encrypted ESXi servers using CISA's recovery script.
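
Before attempting recovery, it helps to know how much of a large file the alternating encrypt/skip pattern described above has actually touched. The following is an added example, not code from BleepingComputer, CISA or the original article: it flags each chunk of a file as likely encrypted by measuring byte entropy. The 1 MiB chunk size (the article says "1 MB"), the 7.9 bits/byte threshold and all function names are assumptions of this sketch.

```python
import io
import math
import os
from collections import Counter

CHUNK = 1024 * 1024  # assumption: the article's "1 MB" is treated as 1 MiB


def shannon_entropy(block: bytes) -> float:
    """Entropy of one block in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def map_chunks(stream, chunk=CHUNK, threshold=7.9):
    """Return one flag per chunk: True if the chunk looks near-random.

    Compressed or already-encrypted guest data is also near-random, so the
    flags are an upper bound on what the ransomware touched.
    """
    flags = []
    while True:
        block = stream.read(chunk)
        if not block:
            break
        flags.append(shannon_entropy(block) >= threshold)
    return flags


def summarize(flags):
    """Return (fraction of chunks flagged, True if flags strictly alternate)."""
    if not flags:
        return 0.0, False
    alternating = len(flags) > 1 and all(a != b for a, b in zip(flags, flags[1:]))
    return sum(flags) / len(flags), alternating


def constructed_sample(chunk=65536, pairs=3):
    """Constructed test data: random chunks alternating with plain filler."""
    parts = [os.urandom(chunk) + b"A" * chunk for _ in range(pairs)]
    return io.BytesIO(b"".join(parts))


if __name__ == "__main__":
    flags = map_chunks(constructed_sample(), chunk=65536)
    print(flags, summarize(flags))
```

Run it against a read-only copy of the affected file by passing `open(path, "rb")` to `map_chunks`; a flagged fraction near 0.5 with strict alternation matches the behavior reported for the second wave.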


News URL

https://www.bleepingcomputer.com/news/security/new-esxiargs-ransomware-version-prevents-vmware-esxi-recovery/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591