On Feb. 8, 2023, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA) responding to the ESXiArgs ransomware campaign. The CSA warns that threat actors look to exploit vulnerabilities in VMware ESXi servers to gain access and put ransomware into place. Details: Threat actors targeting servers that “are likely running unpatched and out-of-service or out-of-date versions of VMware ESXi software,” according to the CSA. The ESXiArgs ransomware encrypts the ESXi server configuration files, which could possibly disable virtual machines.
Malicious actors have been found to have compromised more than 3,800 servers around the world. As a result, the FBI and CISA recommend organizations with VMware ESXi servers take the following actions: If your organization’s system has become infected, the CISA released an ESXiArgs recovery script that you can use to attempt to recover your files.