ESXi Ransomware Update Outfoxes CISA Recovery Script

1 year ago AndyC

Just
a
week
after
the
Cybersecurity
and
Infrastructure
Security
Agency
(CISA)
released
its

ESXi Ransomware Update Outfoxes CISA Recovery Script

Just
a
week
after
the
Cybersecurity
and
Infrastructure
Security
Agency
(CISA)
released
its

recovery
script
against
ransomware
targeting
VMWare
ESXi
virtual
machines,
a
modified
version
of
the
malware
is
already
in
circulation
that
renders
the
decryptor
script
useless.


So
far,
around
3,800
servers
across
the
globe
have
already
fallen
victim
to

EXSiArgs
ransomware,
CISA
and
the
FBI
warn.

“Where
the
old
encryption
routine
skipped
large
chunks
of
data
based
on
the
size
of
the
file,
the
new
encryption
routine
only
skips
small
(1MB)
pieces
and
then
encrypts
the
next
1MB,”
researchers
at
Malwarebytes
said
in
a
new

report
on
the

ESXi
vulnerability.
“This
ensures
that
all
files
larger
than
128MB
are
encrypted
for
50%.
Files
under
128MB
are
fully
encrypted
which
was
also
the
case
in
the
old
variant.”


Targets
of
ESXi-Args
ransomware
can
tell
if
they
are
infected
with
the
new
variant
if
the
ransom
note
directs
the
victim
to
contact
the
threat
actor
via
the
TOX
encrypted
messenger,
the
report
added.
The
ransom
note
from
the
old
ESXiArgs
variant
that
can
be
mitigated
by
the
CISA-issued
decryptor
includes
a
Bitcoin
address.

Keep
up
with
the
latest
cybersecurity
threats,
newly-discovered
vulnerabilities,
data
breach
information,
and
emerging
trends.
Delivered
daily
or
weekly
right
to
your
email
inbox.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

More Stories

Managed Security Services Provider (MSSP) Market News: 23 January 2024

Managed Security Services Provider (MSSP) Market News: 23 January 2024

4 months ago AndyC
Widespread phishing campaign deployed by reemerging TA866

Widespread phishing campaign deployed by reemerging TA866

4 months ago AndyC
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

4 months ago AndyC
Sniffing Out SharpHound on its Hunt for Domain Admin

Sniffing Out SharpHound on its Hunt for Domain Admin

10 months ago AndyC
Unravelling the Attack Surface of AI Systems

Unravelling the Attack Surface of AI Systems

11 months ago AndyC
Unravelling the Attack Surface of AI Systems

Unravelling the Attack Surface of AI Systems

11 months ago AndyC

You may have missed

Federal gov reports 14 ransomware attacks last year

Federal gov reports 14 ransomware attacks last year

12 mins ago AndyC
ANSTO readies for SAP cloud migration

ANSTO readies for SAP cloud migration

12 mins ago AndyC
North Korea laundered US7.5 million in stolen crypto in March

North Korea laundered US$147.5 million in stolen crypto in March

12 mins ago AndyC
<div>Amazon's cloud unit chief to step down</div>

Amazon’s cloud unit chief to step down

12 mins ago AndyC
<div>Zscaler & Google unite for enhanced zero-trust security</div>

Zscaler & Google unite for enhanced zero-trust security

12 mins ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.