Updated February 8, 2023.
CISA has released a data recovery script dubbed “ESXiArgs-Recover” in order to help users who have been affected by the massive worldwide ESXiArgs ransomware server attacks on VMWare’s vSphere: GitHub.
_________
Hacker group used a method that we encountered for the first time. A super-intelligence who thinks they can only get paid by encrypting the config files instead of encrypting the VMDK disks where the data is kept. There is currently an encryption campaign targeting ESXi servers, which allows access to data on host systems (Service Location Protocol vulnerabilities). Many people reported that they were able to solve their problems with this method below.
