ESXiArgs Ransomware Variant Emerges with Updated Features
February 11, 2023
A new variant of the ESXiArgs ransomware has emerged, with the threat actors behind the attack making changes to the encryption process and ransom note. The ransomware is based on the Babuk locker, and statistics show that over 3,800 unique hosts have been compromised since the start of the outbreak in early February. The attackers have removed the Bitcoin address from the ransom note and are now urging victims to contact them on Tox to obtain the wallet information.

According to Tony Lauro, director of security technology and strategy at Akamai, “While the dollar impact of this particular breach may seem low, cyber attackers continue to plague organizations via death by a thousand cuts. The ESXiArgs ransomware is a prime example of why system administrators need to implement patches quickly after they are released, as well as the lengths that attackers will go to in order to make their attacks successful.”

The attackers are exploiting known vulnerabilities in ESXi, such as CVE-2021-21974, to their advantage, making it imperative that users move quickly to update to the latest version. Rapid7 found 18,581 internet-facing ESXi servers that are vulnerable to CVE-2021-21974, and observed RansomExx2 actors opportunistically targeting susceptible ESXi servers.

“Patch management is a critical component of any security program,” said Lauro. “Organizations must ensure that all systems are patched and up-to-date to reduce the risk of a successful attack.”