New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
2023-02-11 13:36

After the U.S. Cybersecurity and Infrastructure Security Agency released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data.

The threat actors "realized that researchers were tracking their payments, and they may have even known before they released the ransomware that the encryption process in the original variant was relatively easy to circumvent," Censys said in a write-up.

Since the start of the ransomware outbreak in early February, over 3,800 unique hosts have been compromised.

A crucial aspect that differentiates ESXiArgs from other ransomware families is the absence of a data leak site, indicating that it is not running on a ransomware-as-a-service model.

"More established ransomware groups typically conduct OSINT on potential victims before conducting an intrusion and set the ransom payment based on perceived value."

"The ESXiArgs ransomware is a prime example of why system administrators need to implement patches quickly after they are released, as well as the lengths that attackers will go to in order to make their attacks successful. However, patching is just one line of defense to rely on."


News URL

https://thehackernews.com/2023/02/new-esxiargs-ransomware-variant-emerges.html