Security News > 2023 > February > New ESXiArgs ransomware version prevents VMware ESXi recovery
New ESXiArgs ransomware attacks are now encrypting more extensive amounts of data, making it much harder, if not impossible, to recover encrypted VMware ESXi virtual machines.
Last Friday, a massive and widespread automated ransomware attack encrypted over 3,000 Internet-exposed VMware ESXi servers using a new ESXiArgs ransomware.
A second ESXiArgs ransomware wave started today and includes a modified encryption routine that encrypts far more data in large files.
BleepingComputer first learned of the second wave after an admin posted in the ESXiArgs support topic stating that their server was encrypted and could not be recovered using the methods that had worked previously.
Ransomware expert Michael Gillespie told BleepingComputer that this change causes the encryptor to alternate between encrypting 1 MB of data and skipping 1 MB of data.
BleepingComputer still recommends attempting to recover encrypted ESXi servers using CISA's recovery script.