The broad ransomware campaign against VMware ESXi servers – the US Cyber and Infrastructure Agency publishes a script to recover the information
The campaign, which has so far hit at least 2,800 servers, is not considered particularly successful for the attackers.
Monitoring of the crypto wallets shows that very little ransom money was paid (~$100k), and in retrospect it turns out that the attackers performed the encryption in a sloppy way that allows the information to be recovered relatively easily.
The US Cyber and Infrastructure Agency (CISA) publishes a script that allows victims to rebuild the compromised servers and recover the encrypted information.
The script is available here