esxiargs
ACTIVE ransomware group
ESXiArgs is a ransomware campaign that emerged in February 2023, targeting VMware ESXi servers by exploiting the CVE-2021-21974 vulnerability. It encrypts virtual machine configuration files (.vmdk, .vmx, .vmxf, .vmsd, .vmsn, .vswp, .vmss, .nvram, .vmem), rendering VMs inaccessible. The campaign compromised thousands of unpatched servers globally, primarily affecting European organizations. A decryptor was later released by CISA and the FBI.
Victims: 0 records
First Discovered: — (victim)
Last Discovered: Jun 17, 2026 (victim)
Inactive Since: —
Countries: 0 hit
Avg Discount: — (no settlements)
Group Activity
[Chart: last 12 months, Jul 2025 to Jun 2026]
Victims (0)
No victims recorded
Infrastructure
No sites tracked