"CISA Releases Recovery Script for ESXiArgs Ransomware Victims"

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has provided a script to recover VMware ESXi servers encrypted in the recent ESXiArgs ransomware attacks, which targeted vulnerable VMware ESXi servers. According to a list of bitcoin addresses compiled by CISA technical advisor Jack Cable, the attacks have encrypted 2,800 servers. Although many devices were encrypted, the campaign was mainly ineffective because the threat actors failed to encrypt flat files, where virtual disk data is stored. This oversight enabled Enes Sonmez and Ahmet Aykac of the YoreGroup Tech Team to develop a method for rebuilding virtual machines from the unencrypted flat files. The method has helped individuals recover their servers, but the process has proven difficult for some. To help these users, CISA released an ESXiArgs-Recover script on GitHub that automates the recovery process. This article continues to discuss CISA's release of a recovery script for ESXiArgs ransomware victims.

Bleeping Computer reports "CISA Releases Recovery Script for ESXiArgs Ransomware Victims"

Submitted by Anonymous on