The Cybersecurity and Information Security Agency collaborated with the FBI to help organizations respond to a ransomware campaign known as ESXiArgs.
The two agencies on Wednesday issued the ESXiArgs Ransomware Virtual Machine Recovery Guidance, which includes a recovery script for users that have lost their files from the cyberattack.
The malware originated from outdated versions of VMWare’s ESXi software, whose servers were used by malicious cyber actors to access and encrypt configuration files, disabling virtual machines as a result.
In their joint advisory, CISA and FBI urged organizations using ESXi to upgrade to the latest software version. Their Service Location Protocol service should also be disabled, and their ESXi hypervisor should not be visible to the public internet, the agencies said.
CISA encouraged affected users to access https://github.com/cisagov/ESXiArgs-Recover to retrieve their compromised files.
