ESXiArgs is a ransomware strain whose earliest observed infections date to October 2022, with a widespread campaign launching around February 2023. The ransomware specifically targets VMware ESXi hypervisors, encrypting virtual machine data and disrupting virtualized environments by operating at the hypervisor level rather than on individual endpoints. Its primary motivation is financial gain through ransom payments for the decryption of affected systems. A distinctive characteristic is that it appends a ".args" extension to encrypted files, with the .args files holding metadata that is likely used for decryption. The ransomware evolved in February 2023 with a modified encryption method, and its code is suspected to be based on the leaked Babuk ransomware source.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.