
ESXiArgs ransomware fights off Team America's data recovery script
2023-02-16 01:30

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a recovery script to help victims of the widespread ESXiArgs ransomware attacks recover infected systems. A week later, an updated variant of the malware, aimed at vulnerable VMware ESXi virtual machines, can't be remediated with the government agencies' code, according to Malwarebytes.

"This makes recovery next to impossible," Arntz wrote in a post this week, noting reports from victims of recent ESXiArgs attacks about the ransomware's new encryptor.

In its alert explaining the recovery script, CISA noted that ESXiArgs encrypts particular configuration files associated with VMs on vulnerable servers, making the virtual machines unusable.

"The recovery script documented below automates the process of recreating configuration files."

The new variant of ESXiArgs encrypts more data than CISA's recovery tool is designed to recover.

Initial reports pointed to ESXiArgs being linked to the Nevada ransomware family that hit the scene in December 2022.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/16/esxiargs_ransomware_variant_cisa/