Phil Muncaster reports:

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new script designed to help ransomware victims recover any VMware virtual machines (VMs) impacted by a current global campaign.

Ransomware payment tracker Ransomwhere estimated the number of victims at 3800, based on an “internet-wide” scanning effort on Monday. It said four payments had been made totalling $88,000, although this is likely to underestimate the scale of the campaign.

Read more at InfoSecurity.

NOTE:  As Catalin Cimpanu noted in his Risky Biz  newsletter:  Yöre Grup CTO Enes Sönmez  found a way to recover data and published a step-by-step guide on how to decrypt servers encrypted by the ESXiArgs ransomware.  If you go to their site, you will see a note about the tragic situation in Turkey this week that adds:

As a result of this sad event and the decision I made, all donations to this article will be donated to the search and rescue organization AHBAP or AFAD in Turkey. Payment receipts will be announced in this area on a daily basis.

Donations can be made in ETH.