top of page
  • Admin

Two Years Too Late To Update? ESXiArgs Ransomware Zaps Security-Remiss Companies

Published: May 06, 2023 on our newsletter Security Fraud News & Alerts Newsletter.

There’s a tragic but avoidable security blunder that happened to U.S. businesses much more often than it should. And with CISA getting involved, you can bet it’s a severe problem. That was the case when thousands of companies in the U.S., Canada, and elsewhere found their servers infected with the ESXiArgs ransomware variant.

When what was responsible for inadvertently allowing the ransomware infections was revealed, those blameworthy company leaders likely found themselves in disbelief. Those charged with keeping server software updated had failed to install available security patches for their VMware ESXi servers.

Flirting with Danger

Two years ago, VMware released the necessary patches to their ESXi server customers. The company found ESXiArgs ransomware exploited the unpatched security bugs by finding a home in the vulnerable servers. Ransomware can devastate an unprepared business by encrypting data and demanding a ransom payment for the data decryption key.

The FBI warns victims to NOT pay a ransom demand, saying it only encourages future attacks. Instead, perform regular backups of important data and store it out of Internet reach.

Research by Atlas VPN revealed in 2021, ransomware attacks forced 31% of victimized companies in the U.S. to shut down.

Problem Solved but Not Fixed

Hard to believe, but research by Rapid7 found more than 18,500 ESXi servers remain unpatched and vulnerable to ESXiArgs ransomware. As it is, CISA saw the need to make a free recovery script available for victims to follow and rebuild from data not encrypted by the attack. Some reported this helped restore their data without the need to pay the ransom.

Victims reported ransom demands over $20,000 be paid in Bitcoin. Perpetrators also threatened victims to fork over the ransom payments within three days of the attack or jeopardize the public release of sensitive information.

As we see, keeping software updated and patched is a challenge for many businesses. Those who consider it a chore tend to forget how important it is, even when their data security is at stake. That is until cyber criminals take advantage of unpatched and vulnerable systems. When you get notifications that patches or updates are available, don’t delay in applying them. Dealing with a ransomware attack should be considered an unnecessary lesson to learn.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at


bottom of page