"VMware Ransomware Evolves to Evade Data Recovery, Reinfects Servers"

According to data compiled by Ransomwhere, an open-source ransomware payment tracker, a new variant of ESXiArgs ransomware has infected over 1,250 VMware systems. Since the spread began on February 3, the original strain has affected at least 3,800 targets and at least 2,250 machines. According to Brett Callow, a threat analyst at Emsisoft, the slightly modified variant of the malware encrypts data more effectively and hinders data recovery. In response to the ongoing ransomware campaign, the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI recently issued a joint advisory providing guidelines as well as a recovery script. However, the agencies are now tracking new variants. Callow confirmed that a slight code change in ESXiArgs triggers a different encryption process that renders the recovery script ineffective. Based on Censys and Shodan data, the new strain has reinfected over 1,150 systems and accounts for 4 in 5 live infections. This article continues to discuss the new variant of ESXiArgs ransomware that has made the recently released recovery script ineffective.

Cybersecurity Dive reports "VMware Ransomware Evolves to Evade Data Recovery, Reinfects Servers"
