Another ESXiArgs ransomware variant emerges after previous patch


According to Censys, after the United States Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor to help affected victims recover from ESXiArgs ransomware attacks, the threat actors have returned with an updated version that encrypts more data.

While it was initially suspected that the first set of attacks resulted from the abuse of a two-year-old, now-patched OpenSLP bug in VMware ESXi (CVE-2021-21974), compromises have also been reported on devices that do not use the network discovery protocol. As of February 9, 2023, as many as 1,252 servers had been infected by the new version of ESXiArgs, of which 1,168 are reinfections.

A system administrator reported the emergence of the new variant on an online forum, where another participant stated that files larger than 128 MB will have 50% of their data encrypted, making recovery more difficult.
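How much of a large file a partial-encryption scheme actually touched is the quantity that decides whether the unencrypted remainder still leaves anything to recover. The following is an added example, not code from Censys, CISA or the article: it measures Shannon entropy per window to estimate the encrypted share of a file, and the 1 MiB window, the 7.5 bit/byte cut-off and the alternating layout of the constructed sample are assumptions for the demo, not values taken from the ransomware.

```python
import math
import random
from collections import Counter

# Window size and entropy cut-off are assumptions for this example, not values
# from the ransomware; random-looking ciphertext sits close to 8 bits/byte.
CHUNK_SIZE = 1024 * 1024
ENCRYPTED_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for an empty buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def encrypted_fraction(blob: bytes, chunk_size: int = CHUNK_SIZE) -> float:
    """Share of the bytes that sit in high-entropy (presumed encrypted) windows."""
    if not blob:
        return 0.0
    hits = 0
    for off in range(0, len(blob), chunk_size):
        chunk = blob[off:off + chunk_size]
        if shannon_entropy(chunk) >= ENCRYPTED_THRESHOLD:
            hits += len(chunk)
    return hits / len(blob)


def scan_file(path: str, chunk_size: int = CHUNK_SIZE) -> float:
    """Same measurement streamed from disk, so multi-GB disk images fit in memory."""
    total = hits = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            total += len(chunk)
            if shannon_entropy(chunk) >= ENCRYPTED_THRESHOLD:
                hits += len(chunk)
    return hits / total if total else 0.0


def build_sample(chunks: int, every: int, chunk_size: int = CHUNK_SIZE, seed: int = 0) -> bytes:
    """Constructed stand-in for a partially encrypted disk image: every `every`-th
    window holds pseudo-random bytes, the rest repetitive plaintext. The alternating
    layout is an assumption for the demo, not the real variant's pattern."""
    rng = random.Random(seed)
    plain = (b"vmdk-plaintext-block\n" * (chunk_size // 21 + 1))[:chunk_size]
    parts = [rng.randbytes(chunk_size) if i % every == 0 else plain for i in range(chunks)]
    return b"".join(parts)


if __name__ == "__main__":
    sample = build_sample(8, 2, 64 * 1024)
    print(f"encrypted fraction: {encrypted_fraction(sample, 64 * 1024):.2f}")
```

Run `scan_file` against a suspect image to get the same fraction without loading it whole; a value near 0.5 on a file over 128 MB matches the behaviour the forum report describes.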

The new ESXiArgs ransomware variant encrypts VM virtual disk files, rendering them inaccessible. The attackers then demand a ransom payment in exchange for the files’ decryption. The ransom amount varies but can be substantial. Another notable change is that the Bitcoin address has been removed from the ransom note; the attackers now urge victims to contact them on Tox to obtain the wallet information.

The threat actors “realized that researchers were tracking their payments, and they may have even known before they released the ransomware that the encryption process in the original variant was relatively easy to circumvent,” Censys said in a write-up.

Meanwhile, VMware has stated that there is no evidence that a zero-day vulnerability in its software is being used to spread the ransomware.

The sources for this piece include an article in TheHackerNews.
