ESXi Ransomware Update Outfoxes CISA Recovery Script

Published: 23/11/2024   Category: security




New ESXiArgs ransomware attacks include a workaround for CISA's decryptor, researchers find.



Just a week after the Cybersecurity and Infrastructure Security Agency (CISA) released its recovery script against ransomware targeting VMware ESXi virtual machines, a modified version of the malware is already in circulation that renders the decryptor script useless.

So far, around 3,800 servers across the globe have already fallen victim to ESXiArgs ransomware, CISA and the FBI warn.

Where the old encryption routine skipped large chunks of data based on the size of the file, the new encryption routine only skips small (1MB) pieces and then encrypts the next 1MB, researchers at Malwarebytes said in a new report on the ESXi vulnerability. This ensures that 50% of every file larger than 128MB is encrypted. Files under 128MB are fully encrypted, which was also the case in the old variant.

Targets of ESXiArgs ransomware can tell if they are infected with the new variant if the ransom note directs the victim to contact the threat actor via the TOX encrypted messenger, the report added. The ransom note from the old ESXiArgs variant, which can be mitigated by the CISA-issued decryptor, includes a Bitcoin address.
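For incident responders triaging an affected host, the two facts above translate into two quick checks: which variant the ransom note points to (and therefore whether the CISA script is worth trying), and how much of each large file the new routine leaves untouched (and therefore which byte ranges of a VMDK or flat file may still be recoverable). The following Python is an added illustration written for this article, not code from CISA, Malwarebytes or the ransomware itself. It assumes the 1MB skip/1MB encrypt alternation begins with a skipped chunk, as the report's wording suggests, and that a trailing partial chunk follows the same alternation; the ransom-note samples are constructed for the example, and the Bitcoin-address pattern is a loose heuristic, not a validator.

```python
import re

MB = 1024 * 1024
FULL_ENCRYPT_BELOW = 128 * MB   # files under this size are encrypted whole (per the report)
CHUNK = 1 * MB                  # new variant: skip 1 MB, encrypt 1 MB, repeat


def encrypted_ranges(file_size: int) -> list[tuple[int, int]]:
    """Return the byte ranges [(start, end), ...] the new variant encrypts.

    Assumption (not stated verbatim in the report): the pattern starts with a
    skipped plaintext chunk, and a trailing partial chunk follows the same
    alternation. Everything outside these ranges is candidate plaintext.
    """
    if file_size <= 0:
        return []
    if file_size < FULL_ENCRYPT_BELOW:
        return [(0, file_size)]          # small files: no plaintext survives
    ranges = []
    offset = CHUNK                       # first 1 MB is skipped
    while offset < file_size:
        end = min(offset + CHUNK, file_size)
        ranges.append((offset, end))
        offset += 2 * CHUNK              # step over the next skipped chunk
    return ranges


def encrypted_fraction(file_size: int) -> float:
    """Share of the file that is ciphertext under the new routine."""
    if file_size <= 0:
        return 0.0
    return sum(e - s for s, e in encrypted_ranges(file_size)) / file_size


# Heuristics for note triage: the report says the new variant's note sends the
# victim to TOX, while the old (CISA-decryptable) note carries a Bitcoin address.
TOX_HINT = re.compile(r"\btox\b", re.IGNORECASE)
BTC_ADDR = re.compile(
    r"\b(?:bc1[a-z0-9]{25,59}"                 # bech32 (loose)
    r"|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"     # legacy base58 (loose)
)


def classify_note(text: str) -> str:
    """'new' -> TOX contact (CISA script not expected to help);
    'old' -> Bitcoin address and no TOX contact (try the CISA script);
    'unknown' otherwise."""
    if TOX_HINT.search(text):
        return "new"
    if BTC_ADDR.search(text):
        return "old"
    return "unknown"


# Constructed sample notes (not real ransom notes, not real addresses/IDs).
OLD_NOTE = "Your files are encrypted. Send 2 BTC to 1ConstructedDemoBTCAddrXYZ12345 within 3 days.\n"
NEW_NOTE = "Your files are encrypted. Contact us via TOX messenger: <TOX-ID-PLACEHOLDER>\n"

if __name__ == "__main__":
    for name, note in (("old", OLD_NOTE), ("new", NEW_NOTE)):
        print(f"{name} note classified as: {classify_note(note)}")
    for size in (100 * MB, 128 * MB, 129 * MB, 2048 * MB):
        r = encrypted_ranges(size)
        print(f"{size // MB:5d} MB file: {len(r):4d} encrypted chunks, "
              f"{encrypted_fraction(size):.3f} of bytes encrypted")
```

In practice the byte ranges matter more than the percentage: for a flat VMDK the skipped 1MB chunks can still hold partition tables, filesystem metadata or whole small files, which is what a recovery attempt would carve for once the variant has been identified as the new one.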
