BleepingComputer reports that organizations' VMware ESXi servers are being targeted by a second wave of ESXiArgs ransomware attacks with an updated encryption process that could facilitate greater data encryption.
Attackers have modified the encrypt.sh script to remove its "size_step" routine and instead set size_step to 1, so the encryptor alternates between encrypting 1 MB of data and skipping 1 MB of data, according to Michael Gillespie.
Because this change causes half of the data in files exceeding 128 MB to be encrypted, previously effective techniques can no longer be used to restore files.
Aside from the updated encryptor, the new ESXiArgs ransomware attacks also no longer feature bitcoin addresses in their ransom notes, which may be due to the operation's effort to avert the detection of ransom payments.
However, uncertainties remain as to why the new ESXiArgs ransomware samples were able to breach VMware ESXi servers that have already disabled SLP.
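For triage of affected datastores, the alternating layout described above (1 MB encrypted, 1 MB skipped) can be checked per file with a block-entropy scan. The following is an added example, not code from the report or from the ransomware; the entropy threshold, the tolerance, and the assumption that a file begins with an encrypted block are illustrative, and compressed guest data is also high-entropy, so treat a match as a hint rather than proof.

```python
import math
import os
from collections import Counter

MB = 1024 * 1024  # the report describes 1 MB encrypted, then 1 MB skipped

def block_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    total = len(data)
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify_blocks(stream, block_size=MB, threshold=7.5):
    """Read a binary stream block by block; True marks a high-entropy block.

    threshold is an assumed cut-off, not a value from the report.
    """
    flags = []
    while block := stream.read(block_size):
        flags.append(block_entropy(block) >= threshold)
    return flags

def encrypted_fraction(flags):
    """Share of blocks that look encrypted (about 0.5 for the pattern described)."""
    return sum(flags) / len(flags) if flags else 0.0

def matches_alternating_pattern(flags, min_blocks=8, tolerance=0.9):
    """True when even-numbered blocks look encrypted and odd-numbered ones do not.

    Assumes the file begins with an encrypted block; min_blocks and tolerance
    are assumed tuning values.
    """
    if len(flags) < min_blocks:
        return False
    hits = sum(1 for i, high in enumerate(flags) if high == (i % 2 == 0))
    return hits / len(flags) >= tolerance

def constructed_sample(blocks=16, block_size=4096):
    """Constructed test data: random bytes stand in for encrypted blocks."""
    filler = (b"constructed plaintext " * block_size)[:block_size]
    return b"".join(os.urandom(block_size) if i % 2 == 0 else filler
                    for i in range(blocks))
```

To scan a real file, open it in binary mode and pass the file object to `classify_blocks` with the default 1 MB block size; the smaller block size in `constructed_sample` only keeps the self-check fast.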