ESXiArgs Ransomware Attack: A Tug-of-War Between Cybercriminals and Cybersecurity

Share This Post

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a recovery script for organizations affected by a ransomware attack targeting VMWare ESXi servers worldwide. The attacks first made public on February 3rd by the French Computer Emergency Response Team (CERT-FR), are aimed at VMware’s ESXi bare metal hypervisor and target instances running older versions of the software or those that have not been patched to current standards. The ransomware encrypts configuration files on vulnerable virtual machines, making them potentially unusable. CISA and the FBI have released a recovery script that doesn’t delete the affected configuration files, but attempts to create new ones. However, a new version of the ransomware has been reported that makes earlier recovery procedures ineffective. CISA and the FBI recommend that affected organizations follow certain security procedures, including patching the machines to the latest standard and shutting down the Service Location Protocol service.

https://www.networkworld.com/article/3687610/vmware-esxi-server-ransomware-evolves-after-recovery-script-released.html

https://www.bleepingcomputer.com/news/security/new-esxiargs-ransomware-version-prevents-vmware-esxi-recovery/

https://www.zdnet.com/article/vmware-warns-of-esxiargs-ransomware-attacks-on-unpatched-esxi-hypervisors/



Reach out to our incident response team for help

More To Explore

Information Security News – 6/2/2025

Why Layoffs Increase Cybersecurity Risks Article Link: https://www.helpnetsecurity.com/2025/05/26/layoffs-cybersecurity-risks/ The CISO’s Dilemma: Balancing Access, Security, and Operational Continuity Article Link: https://www.forbes.com/councils/forbestechcouncil/2025/05/27/the-cisos-dilemma-balancing-access-security-and-operational-continuity/ Massive Data Breach Exposes 184

Information Security News – 5/19/2025

Attackers Lace Fake Generative AI Tools With ‘Noodlophile’ Malware Article Link: https://www.darkreading.com/endpoint-security/attackers-fake-generative-ai-tools-malware CISA Reverses Decision on Cybersecurity Advisory Changes Article Link: https://www.infosecurity-magazine.com/news/cisa-reverses-decision-advisory/ FBI Warns That

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.