"'Massive' New ESXiArgs Ransomware Campaign Has Compromised Thousands of Victims"

European cybersecurity authorities warn of active network exploitation of a nearly two-year-old VMware ESXi flaw by ransomware attackers. ESXiArgs is the name given to the campaign because, after encrypting a file, the ransomware creates an extra file with the extension .args. According to researchers, the file contains instructions on how to decrypt the victim's document. Censys searches for systems displaying a ransom letter indicate that thousands of servers in Europe and North America have already been hit. The Austrian CERT issued a warning that at least 3,276 systems were compromised. As described by VMware, ESXi is a bare-metal hypervisor with direct access to and control over underlying resources, providing access to critical files and enabling attackers to disrupt various user resources. In February 2021, a patch for the vulnerability, tracked as CVE-2021-21974, was released. Government agencies and cybersecurity experts urge administrators to quickly patch all unpatched servers. This article continues to discuss the new ESXiArgs ransomware campaign.

The Record reports "'Massive' New ESXiArgs Ransomware Campaign Has Compromised Thousands of Victims"

Submitted by Anonymous on