Censys: ESXWhy: A Look at ESXiArgs Ransomware


A ransomware campaign targeting VMware ESXi servers began in early February 2023. Ransomware typically takes hosts offline and leaves few artifacts visible to the public Internet. In this case, however, ESXi presented ransom notes to the Internet, making them visible to Censys’ passive scanners. At its peak, Censys observed 3,551 infected hosts. Join Senior Security Researcher Emily Austin as she explores this campaign.

