Phil Muncaster reports:
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new script designed to help ransomware victims recover any VMware virtual machines (VMs) impacted by a current global campaign.
Ransomware payment tracker Ransomwhere estimated the number of victims at 3800, based on an “internet-wide” scanning effort on Monday. It said four payments had been made totalling $88,000, although this is likely to underestimate the scale of the campaign.
Read more at InfoSecurity.
NOTE: As Catalin Cimpanu noted in his Risky Biz newsletter: Yöre Grup CTO Enes Sönmez found a way to recover data and published a step-by-step guide on how to decrypt servers encrypted by the ESXiArgs ransomware. If you go to their site, you will see a note about the tragic situation in Turkey this week that adds:
As a result of this sad event and the decision I made, all donations to this article will be donated to the search and rescue organization AHBAP or AFAD in Turkey. Payment receipts will be announced in this area on a daily basis.
Donations can be made in ETH.