Ransomware

ESXiArgs

First seen: 2023-02 • Status: inactive

ESXiArgs automatically attacked thousands of VMware servers in one weekend. It exploited an old vulnerability that many organizations had not patched.

Overview

ESXiArgs was a massive automated ransomware campaign that exploited VMware ESXi vulnerabilities, affecting thousands of servers globally.

How It Spreads

  • CVE-2021-21974 exploitation
  • Automated scanning

What It Does

  • Encrypts virtual machines
  • Targets ESXi servers

Target Platforms

VMware ESXi

Detection Tips

  • Patch ESXi immediately
  • Check for exploitation

MITRE ATT&CK Techniques

T1486, T1190

If You're Infected

  1. Use CISA recovery script
  2. Patch ESXi servers

Related Malware

Babuk
