• Science
  • Techonology
    • AI
    • Tech News
  • Finance
  • Contact US
  • More
    • About Us
    • Privacy Policy
    • Disclaimers
    • Terms and Conditions
Facebook Twitter Instagram
Monday, September 25
Facebook Twitter Instagram Pinterest Telegram
SkyMagzines
  • Science
  • Techonology
    • AI
    • Tech News
  • Finance
  • Contact US
  • More
    • About Us
    • Privacy Policy
    • Disclaimers
    • Terms and Conditions
SkyMagzines
Home » New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
Cyber world

New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool

SkymagzinesBy SkymagzinesAugust 28, 2023No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email

After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data.

The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that files larger than 128MB will have 50% of their data encrypted, making the recovery process more challenging.

Another notable change is the removal of the Bitcoin address from the ransom note, with the attackers now urging victims to contact them on Tox to obtain the wallet information.

The threat actors “realized that researchers were tracking their payments, and they may have even known before they released the ransomware that the encryption process in the original variant was relatively easy to circumvent,” Censys said in a write-up.

“In other words: they are watching.”

Statistics shared by the crowdsourced platform Ransomwhere reveal that as many as 1,252 servers have been infected by the new version of ESXiArgs as of February 9, 2023, of which 1,168 are reinfections.

Since the start of the ransomware outbreak in early February, over 3,800 unique hosts have been compromised. A majority of the infections are located in France, the U.S., Germany, Canada, the U.K., the Netherlands, Finland, Turkey, Poland, and Taiwan.

ESXiArgs, like Cheerscrypt and PrideLocker, is based on the Babuk locker, which had its source code leaked in September 2021. But a crucial aspect that differentiates it from other ransomware families is the absence of a data leak site, indicating that it’s not running on a ransomware-as-a-service (RaaS) model.

ESXiArgs ransomware

“Ransoms are set at just over two bitcoins (US $47,000), and victims are given three days to pay,” cybersecurity company Intel471 said.

While it was initially suspected that the intrusions involved the abuse of a two-year-old, now-patched OpenSLP bug in VMware ESXi (CVE-2021-21974), compromises have been reported in devices that have the network discovery protocol disabled.

VMware has since said that it has found no evidence to suggest that a zero-day vulnerability in its software is being used to propagate the ransomware.

This indicates that the threat actors behind the activity may be leveraging several known vulnerabilities in ESXi to their advantage, making it imperative that users move quickly to update to the latest version. The attacks have yet to be attributed to a known threat actor or group.

ESXiArgs ransomware

“Based on the ransom note, the campaign is linked to a sole threat actor or group,” Arctic Wolf pointed out. “More established ransomware groups typically conduct OSINT on potential victims before conducting an intrusion and set the ransom payment based on perceived value.”

Cybersecurity company Rapid7 said it found 18,581 internet-facing ESXi servers that are vulnerable to CVE-2021-21974, adding it further observed RansomExx2 actors opportunistically targeting susceptible ESXi servers.

“While the dollar impact of this particular breach may seem low, cyber attackers continue to plague organizations via death by a thousand cuts,” Tony Lauro, director of security technology and strategy at Akamai, said.

“The ESXiArgs ransomware is a prime example of why system administrators need to implement patches quickly after they are released, as well as the lengths that attackers will go to in order to make their attacks successful. However, patching is just one line of defense to rely on.”

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleOpenAI launches ChatGPT Plus, starting at $20 per month
Next Article TURNS OUT USING CHATGPT IN SEARCH ENGINES WOULD HAVE A GRISLY ENVIRONMENTAL FOOTPRINT
Skymagzines
  • Website
  • Tumblr
  • LinkedIn

If You Want To Ask Any Question... Let Us Know in Comment Section.

Related Posts

Cyber news

SCAMMERS ARE USING CHATGPT TO WRITE EMAILS THAT AREN’T RIDDLED WITH TYPOS

August 28, 2023
PYTHON

Pip Upgrade – And How to Update Pip and Python

August 28, 2023
Cyber world

German minister warns of ‘massive’ danger from Russian hackers

August 28, 2023
Add A Comment

Leave A Reply Cancel Reply

Dolphins Break Franchise Scoring Record, Dominate Denver in Historic 70-20 Victory

September 25, 2023

Taylor Swift Cheers Alongside Travis Kelce’s Mom at Chiefs Game

September 25, 2023

How to Watch the Global Citizen Festival Live Online

September 24, 2023

Former Anaheim Duck Nic Kerdiles, Ex of Savannah Chrisley, Passes Away at Age 29

September 24, 2023
Facebook Twitter Instagram Pinterest
© 2023 Skymagzines. Designed by Codelivly

Type above and press Enter to search. Press Esc to cancel.