US CISA publishes ESXi ransomware recovery tool

By

As outbreak spreads.

America’s Cyber and Infrastructure Security Agency (CISA) is helping out organisations hit by the ransomware known as ESXiArgs.

US CISA publishes ESXi ransomware recovery tool

Since the ransomware attacks were first observed in Italy over the weekend, the campaign has spread to other European countries and to North America.

The attackers are targeting a bug in VMware’s ESXi that has had a patch available since February 2021.

CISA has published a script which it said will allow organisations to attempt to recover virtual machines affected by the ransomware attacks.

The script, published at Github, is based on work by Enes Sonmez and Ahmet Aykac of YoreGroup Tech Team, CISA said.

“This tool works by reconstructing virtual machine metadata from virtual disks that were not encrypted by the malware”, the agency said.

“Any organisation seeking to use CISA’s ESXiArgs recovery script should carefully review the script to determine if it is appropriate for their environment before deploying it. 

“This script does not seek to delete the encrypted config files, but instead seeks to create new config files that enable access to the VMs.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Macquarie Uni to spend up to $700m on 10-year digital transformation

Macquarie Uni to spend up to $700m on 10-year digital transformation

Nissan A/NZ's outsourced cyber incident call centre breached

Nissan A/NZ's outsourced cyber incident call centre breached

Digital ID bill passes parliament

Digital ID bill passes parliament

Macquarie's banking CISO headed to Endeavour Group

Macquarie's banking CISO headed to Endeavour Group

Log In

  |  Forgot your password?