CyberSecurityBoard
Sponsor Register Login

CISA Offers Help to People Affected by ESXiArgs Ransomware with a Recovery Script

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has created a script to help people recover their VMware ESXi servers that were affected by the recent ESXiArgs ransomware attack. The attack, which began last Friday, managed to encrypt 2,800 servers according to a list of bitcoin addresses collected by CISA technical advisor Jack Cable. However, the attack was largely unsuccessful as the threat actors failed to encrypt flat files, which store the data for virtual disks. This mistake allowed Enes Sonmez & Ahmet Aykac of the YoreGroup Tech Team to develop a method to rebuild virtual machines from the unencrypted flat files. To make the recovery process easier, CISA released an ESXiArgs-Recover script on GitHub to automate the process. The script works by cleaning up the encrypted files and then attempting to rebuild the virtual machines. If successful, users can then register the virtual machine again in VMware ESXi to gain access to the VM again. CISA urges admins to review the script before using it to understand how it works and avoid any potential complications. It is also important to note that CISA does not assume liability for any damage caused by the script, so users should make sure to create backups before attempting recovery.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 08 Feb 2023 01:55:02 +0000


Cyber News related to CISA Offers Help to People Affected by ESXiArgs Ransomware with a Recovery Script

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
2 weeks ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
2 years ago Hackread.com CVE-2021-21974
CISA Offers Help to People Affected by ESXiArgs Ransomware with a Recovery Script - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has created a script to help people recover their VMware ESXi servers that were affected by the recent ESXiArgs ransomware attack. The attack, which began last Friday, managed to ...
2 years ago Bleepingcomputer.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
9 months ago Securityaffairs.com
Business Data Backup and Recovery Planning - Data backup and recovery planning is essential in today's interconnected and data-driven business landscape. By understanding the significance of data backup and recovery planning, businesses can effectively protect their critical information and ...
1 year ago Securityzap.com
CISA Publishes Free Software to Help Restore Data Affected by ESXiArgs Ransomware - The US Cybersecurity and Infrastructure Security Agency (CISA) has created a free tool to help those affected by the ESXiArgs ransomware attacks. These attacks, first seen on February 3, exploit a high-severity vulnerability in VMware's ESXi ...
2 years ago Securityweek.com
CISA Provides Assistance to People Affected by ESXiArgs Ransomware - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has created a new tool to help those affected by ESXiArgs ransomware. This open-source tool, called SXiArgs-Recover, is designed to help victims recover their virtual machines that have ...
2 years ago Hackread.com CVE-2021-21974
Thousands of Young People Told Us Why the Kids Online Safety Act Will Be Harmful to Minors - How young people feel about the Kids Online Safety Act matters. These comments show that thoughtful young people are deeply concerned about the proposed law's fallout, and that many who would be affected think it will harm them, not help them. In ...
11 months ago Eff.org
Guidance on Recovering from ESXiArgs Ransomware Released by CISA and FBI - A ransomware campaign known as ESXiArgs is currently active and malicious actors may be taking advantage of known vulnerabilities in outdated or unpatched versions of VMware ESXi software to gain access to ESXi servers and deploy the ransomware. ...
2 years ago Us-cert.cisa.gov
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
5 months ago Therecord.media
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
CISA Releases Solution to Help Combat ESXiArgs Ransomware as Florida Institutions Suffer - The Cybersecurity and Infrastructure Security Agency (CISA) has released a script to help organizations affected by the ESXiArgs ransomware. This ransomware has caused disruption to many organizations around the world since last Friday. CISA has ...
2 years ago Therecord.media CVE-2021-21974
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
No Proof of Unpatched Vulnerabilities Being Used in ESXiArgs Ransomware Assaults VMware - VMware has warned customers to take action as unpatched ESXi servers are being targeted by ESXiArgs ransomware attacks. Hackers are exploiting CVE-2021-21974, a high-severity ESXi remote code execution vulnerability related to OpenSLP that was ...
2 years ago Securityweek.com CVE-2021-21974
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
9 months ago Bleepingcomputer.com LockBit Inc ransom Black Basta
The Evolving Landscape of Ransomware Attacks - 1.7 million ransomware attacks are happening every day. Many people think the virus has locked their computer, but it is actually the ransomware that has locked all their files. As the name ransomware suggests they are after ransom. Stealing or ...
1 year ago Cyberdefensemagazine.com LockBit
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
CISA Publishes Script to Help Recover Data from ESXiArgs Ransomware - The Cybersecurity and Infrastructure Security Agency (CISA) has created a recovery script for organizations that have been affected by the ESXiArgs ransomware. This ransomware encrypts configuration files on vulnerable ESXi servers, which can make ...
2 years ago Us-cert.cisa.gov
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
11 months ago Feeds.fortinet.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
1 year ago Techrepublic.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)