Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
ESXi Ransomware Update Outfoxes CISA Recovery ScriptESXi Ransomware Update Outfoxes CISA Recovery Script
New ESXiArgs-ransomware attacks include a workaround for CISA's decryptor, researchers find.
Dark Reading Staff
February 16, 2023
1 Min Read
Source: Wavebreakmedia Ltd. via Alamy Stock Photo
Just a week after the Cybersecurity and Infrastructure Security Agency (CISA) released its recovery script against ransomware targeting VMWare ESXi virtual machines, a modified version of the malware is already in circulation that renders the decryptor script useless.
So far, around 3,800 servers across the globe have already fallen victim to EXSiArgs ransomware, CISA and the FBI warn.
"Where the old encryption routine skipped large chunks of data based on the size of the file, the new encryption routine only skips small (1MB) pieces and then encrypts the next 1MB," researchers at Malwarebytes said in a new report on the ESXi vulnerability. "This ensures that all files larger than 128MB are encrypted for 50%. Files under 128MB are fully encrypted which was also the case in the old variant."
Targets of ESXi-Args ransomware can tell if they are infected with the new variant if the ransom note directs the victim to contact the threat actor via the TOX encrypted messenger, the report added. The ransom note from the old ESXiArgs variant that can be mitigated by the CISA-issued decryptor includes a Bitcoin address.
About the Author(s)
You May Also Like
More Insights
Webinars
Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023What's In Your Cloud?
Nov 30, 2023
