ESXiArgs Ransomware Virtual Machine Recovery Guidance describes the ongoing ransomware campaign known as "ESXiArgs". Malicious cyber actors may be exploiting known vulnerabilities in unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access to ESXi servers and deploy ESXiArgs ransomware. The ransomware encrypts configuration files on ESXi servers, potentially rendering virtual machines unusable.

CERT Bulgaria recommends organizations impacted by ESXiArgs evaluate the script and guidance provided in the accompanying README file to determine if it is fit for attempting to recover access to files in their environment.

Organizations can access the recovery script here: 

https://github.com/cisagov/ESXiArgs-Recover