Ransomware with coding mistake irreversibly corrupts ESXi files
Ransomware typically encrypts the files on a device, and the only way to regain access to them (short of restoring from backups) is to pay the attackers for the decryption key. Nitrogen's ESXi ransomware, spotted by Coveware, contains a coding mistake that causes it to encrypt all files with the wrong public key, irrevocably corrupting them — so the files cannot be recovered even if the attackers wanted to help.
The strain is reportedly an offshoot of the Conti 2 builder code. Conti was created by the 'Wizard Spider' group in 2019, and a 2022 splintering over political differences related to the Russian invasion of Ukraine led to a leak of the builder code. Nitrogen targets VMware ESXi hypervisors, which manage virtual machines, so a single infection could affect many guest systems, though ESXi is a narrower target than the endpoints traditional malware goes after.
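To see why a wrong public key makes the damage permanent, it helps to look at the key-wrapping step that this family of ransomware relies on. The Go program below is an added illustration written for this article, not Nitrogen's or Conti's code, and it works on a constructed in-memory byte string rather than files. It models the usual hybrid scheme: each payload is encrypted under a fresh AES-GCM key, and that key is wrapped with RSA-OAEP under a public key whose private half is supposed to unlock it later. If the wrapping uses the wrong public key, the holder of the intended private key cannot unwrap anything, and the data is gone. The key sizes, payload and function names are assumptions for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// WrappedBlob models the output of one hybrid-encryption step: the payload is
// encrypted under a random per-file AES-256-GCM key, and that key is wrapped
// (RSA-OAEP) under a public key whose matching private key is needed to recover it.
type WrappedBlob struct {
	WrappedKey []byte // per-file key, RSA-OAEP encrypted under some public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM ciphertext (includes the auth tag)
}

// Seal encrypts payload with a fresh AES-256-GCM key and wraps that key under pub.
func Seal(pub *rsa.PublicKey, payload []byte) (*WrappedBlob, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, payload, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &WrappedBlob{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the recovery step a decryptor performs: unwrap the per-file key with
// priv, then decrypt the payload. Unwrapping with a non-matching private key fails.
func Open(priv *rsa.PrivateKey, b *WrappedBlob) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, b.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, nil)
}

// WrongKeyDemo reproduces the failure mode in miniature. The payload is sealed
// under the public key of a keypair nobody intended to use ("wrong"), while the
// recovery side holds the private key of the "intended" pair. It reports whether
// the intended private key can open the blob and, as a control, whether the
// matching private key can.
func WrongKeyDemo() (openedWithIntended bool, openedWithMatching bool, err error) {
	intended, err := rsa.GenerateKey(rand.Reader, 2048) // assumed key size
	if err != nil {
		return false, false, err
	}
	wrong, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	payload := []byte("constructed sample payload standing in for a VM file")

	// The coding mistake: the per-file key is wrapped under the wrong public key.
	blob, err := Seal(&wrong.PublicKey, payload)
	if err != nil {
		return false, false, err
	}

	// Recovery with the key the decryptor was built for fails at the unwrap step.
	_, intendedErr := Open(intended, blob)
	openedWithIntended = intendedErr == nil

	// Control: only the private half of the key actually used can open the blob.
	got, matchErr := Open(wrong, blob)
	openedWithMatching = matchErr == nil && string(got) == string(payload)
	return openedWithIntended, openedWithMatching, nil
}

func main() {
	a, b, err := WrongKeyDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("opened with intended key: %v, opened with matching key: %v\n", a, b)
}
```

The practical lesson for a responder is the control case: before treating any decryptor (attacker-supplied or otherwise) as a recovery path, run it against a copy of one encrypted sample and confirm the unwrap step succeeds, because a key mismatch shows up there, long before any file content is touched.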
There’s no word yet on how widespread this offshoot is.