The automated ransomware campaign called ESXiArgs is targeting outdated VMware ESXi servers globally

CyberCube has identified companies at risk of attack in a new ransomware campaign impacting thousands of businesses globally.

The automated ransomware campaign called ESXiArgs is targeting outdated VMware ESXi servers globally. Starting on 9 February 2023, the cybersecurity community reported threat actors successfully improving their attacks.

The campaign encrypts configuration files on vulnerable ESXi servers, potentially rendering clients’ virtual machines (VMs) unusable. Internet-wide scans within days after the first reports surfaced showed a rapid infection rate with over 2,000 servers infected.

Up to 70,000 ESXi hypervisors globally could become vulnerable. CyberCube has analysed companies in its Industry Exposure Database (IED) to identify organisations running VMware ESXi hypervisors that could be vulnerable to the ESXiArgs ransomware.

All sectors at risk

William Altman, CyberCube’s Cyber Threat Intelligence principal, said: “Large US-based insureds operating in banking, education, manufacturing, non-profit, aviation, and agriculture are at higher risk of being attacked by threat actors leveraging vulnerabilities in ESXi hypervisors compared to insureds operating in other industries.

“Large insureds ($1 billion-plus revenue) are at greater risk than medium, small, or micro-sized insureds. Large-sized companies are more likely to require the use of hypervisors and virtual machines as the foundation for the large-scale deployment of cloud computing and cloud storage resources.”

Yvette Essen, CyberCube’s head of Content, Communications & Creative, said: “The majority of impacted ESXi servers are in France and Germany. Cybersecurity agencies in other countries, including Singapore, have also raised alarms.

”At least a dozen universities have been reported to be impacted, including the Georgia Institute of Technology in Atlanta, Rice University in Houston, and institutions of higher learning in Hungary and Slovakia.

”Florida’s Supreme Court has also stated that it was impacted by ESXiArgs ransomware.”