Project Hyphae

ESXiArgs Ransomware Attack: A Tug-of-War Between Cybercriminals and Cybersecurity

Share This Post

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a recovery script for organizations affected by a ransomware attack targeting VMWare ESXi servers worldwide. The attacks first made public on February 3rd by the French Computer Emergency Response Team (CERT-FR), are aimed at VMware’s ESXi bare metal hypervisor and target instances running older versions of the software or those that have not been patched to current standards. The ransomware encrypts configuration files on vulnerable virtual machines, making them potentially unusable. CISA and the FBI have released a recovery script that doesn’t delete the affected configuration files, but attempts to create new ones. However, a new version of the ransomware has been reported that makes earlier recovery procedures ineffective. CISA and the FBI recommend that affected organizations follow certain security procedures, including patching the machines to the latest standard and shutting down the Service Location Protocol service.

Reach out to our incident response team for help

More To Explore

Information Security News 9-18-2023

Iranian Cyberspies Target Thousands of Organizations with Password Spray Attacks Article Link: Requests via Facebook Messenger Lead to Hijacked Business Accounts Article Link:

Information Security News 9-11-2023

University of Michigan Requires Password Resets After Cyberattack Article Link: Attackers Accessed UK Military Data Through High-Security Fencing Firm’s Windows 7 Rig Article Link:

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.