Around 3800 VMware ESXi virtual machines globally fell victim to the ESXiArgs ransomware attack. It targeted end-of-life ESXi server versions 6.5 and 6.7. Its encryption routine skips large chunks of data on the basis of file size. The first set of ESXiArgs ransomware attacks dates back to October 12, 2022. VMware also confirmed in an advisory on 6 February 2023 that this attack is exploiting ESXi flaws. Cybersecurity agencies reported that the attackers have been exploiting vulnerabilities in VMware's bare-metal hypervisor ESXi, like CVE-2022-31696, CVE-2022-31697, CVE-2022-31698, and CVE-2022-31699. ESXiArgs ransomware is based on the Babuk source code, previously used by other ESXi ransomware, like CheersCrypt and Dagon group's PrideLocker encryptor.

Recently, a new variant of ransomware, called ESXiArgs, came to light which has reportedly attacked nearly 500 hosts of VMware ESXi virtual machines across the globe. Most of the victims are from European countries, including France, Germany, Netherlands, UK, and Ukraine. The latest ESXiArgs ransomware attack follows an encryption routine which skips a small piece (1 MB) of the data and encrypts the next 1 MB. This ensures that all files larger than 128 MB get 50% encrypted. … .vmsd extensions on compromised ESXi servers and creates an .args file for every encrypted file with the metadata.
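For responders gauging how much of an affected file is still plaintext, the alternating 1 MB pattern and the `.args` companion files described above can be checked with a per-block entropy map. This is an added example, not code from the original article or from any vendor tool; it assumes the companion is named `<file>.args`, and the 7.5 bits/byte threshold and the sample file name are illustrative choices.

```python
import math
import os
from collections import Counter

BLOCK = 1024 * 1024   # 1 MB stride described in the article
THRESHOLD = 7.5       # bits/byte; assumed cut-off for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def block_map(path, block=BLOCK, threshold=THRESHOLD):
    """One bool per block: True when the block looks encrypted.
    Compressed data is also high-entropy, so treat True as a hint, not proof."""
    flags = []
    with open(path, "rb") as fh:
        while chunk := fh.read(block):
            flags.append(shannon_entropy(chunk) >= threshold)
    return flags

def summarize(flags):
    """Encrypted fraction and whether neighbouring blocks strictly alternate."""
    alternating = len(flags) > 1 and all(a != b for a, b in zip(flags, flags[1:]))
    fraction = sum(flags) / len(flags) if flags else 0.0
    return {"blocks": len(flags), "encrypted_fraction": fraction, "alternating": alternating}

def triage(root, block=BLOCK):
    """Analyse every file under root that has an assumed '<name>.args' companion."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            target = os.path.join(dirpath, name[: -len(".args")])
            if name.endswith(".args") and os.path.isfile(target):
                report[target] = summarize(block_map(target, block))
    return report

def make_sample(directory, block=4096, pairs=4):
    """Constructed sample: alternating plaintext and random blocks plus a companion."""
    path = os.path.join(directory, "sample.bin")
    with open(path, "wb") as fh:
        for _ in range(pairs):
            fh.write(b"A" * block)       # stands in for a skipped block
            fh.write(os.urandom(block))  # stands in for an encrypted block
    open(path + ".args", "w").close()
    return path

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        make_sample(d)
        print(triage(d, block=4096))
```

Run it against a read-only copy of the datastore; the default block size matches the 1 MB stride, while the constructed sample uses 4 KB blocks to stay small.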