top of page
logo malizen cybersecurité

Ransomware ESXiArgs: back but worse

Updated: Aug 22, 2023

Since February 8th, there have been numerous attacks by the ESXIArgs ransomware. Overall, more than 3,000 servers have been affected, including information on courts, universities, the Florida Supreme Court, etc.

This ransomware remotely encrypts the configuration files of vulnerable VMware ESXI servers. This wave of attacks includes a modified encryption process that encrypts more data in larger files. This change prevents previous recovery tools from recovering the machines because the files will have too much encrypted data to be usable.

Some victims reported that SLP had disabled their devices and that they had still been stolen and encrypted.

Following this wave of attacks, the CNIL issued a press release warning about updating VMWare ESXI hypervisors. It proposes a list of things to do in order to protect oneself as well as possible from these attacks.


logo Malizen

Follow our adventures !

  • Discorde
  • X
  • LinkedIn

Subscribe to our newsletter

Be notified every time we have news !

Thanks for subscribing !

By subscribing, I agree to the General Terms of Use and Privacy Policy.

bottom of page