CISA Cybersecurity Alerts 2.9.23
Ep 40 | 2.9.23

CISA Alert AA23-039A – ESXiArgs ransomware virtual machine recovery guidance.

Show Notes

CISA and the FBI are releasing this alert in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors are exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access and deploy ransomware.

AA23-039A Alert, Technical Details, and Mitigations

CISA has released an ESXiArgs recovery script at

VMware Security Response Center (vSRC) Response to 'ESXiArgs' Ransomware Attack…

Enes Sonmez and Ahmet Aykac, YoreGroup Tech Team: decrypt your crypted files in…

See, a whole-of-government approach, for ransomware resources and alerts.

No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.

See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.

U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email 

To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at, or call (888) 282-0870, or report incidents to your local FBI field office.