Since February 8th, there have been numerous attacks by the ESXIArgs ransomware. Overall, more than 3,000 servers have been affected, including information on courts, universities, the Florida Supreme Court, etc.
This ransomware remotely encrypts the configuration files of vulnerable VMware ESXI servers. This wave of attacks includes a modified encryption process that encrypts more data in larger files. This change prevents previous recovery tools from recovering the machines because the files will have too much encrypted data to be usable.
Some victims reported that SLP had disabled their devices and that they had still been stolen and encrypted.
Following this wave of attacks, the CNIL issued a press release warning about updating VMWare ESXI hypervisors. It proposes a list of things to do in order to protect oneself as well as possible from these attacks.
