Only a week after the Cybersecurity and Infrastructure Safety Company (CISA) launched its restoration script in opposition to ransomware concentrating on VMWare ESXi digital machines, a modified model of the malware is already in circulation that renders the decryptor script ineffective.
To this point, round 3,800 servers throughout the globe have already fallen sufferer to EXSiArgs ransomware, CISA and the FBI warn.
“The place the previous encryption routine skipped giant chunks of information primarily based on the dimensions of the file, the brand new encryption routine solely skips small (1MB) items after which encrypts the following 1MB,” researchers at Malwarebytes stated in a brand new report on the ESXi vulnerability. “This ensures that each one information bigger than 128MB are encrypted for 50%. Information underneath 128MB are totally encrypted which was additionally the case within the previous variant.”
Targets of ESXi-Args ransomware can inform if they’re contaminated with the brand new variant if the ransom notice directs the sufferer to contact the risk actor through the TOX encrypted messenger, the report added. The ransom notice from the previous ESXiArgs variant that may be mitigated by the CISA-issued decryptor features a Bitcoin handle.
