cisagov / ESXiArgs-Recover

A tool to recover from ESXiArgs ransomware
Creative Commons Zero v1.0 Universal

VMDK result is not recognized properly #10

Closed hanselsen closed 1 year ago

hanselsen commented 1 year ago

πŸ› Summary

I have followed the steps in the README, and also the referenced tutorial. Once I register the VMX, I see this: [image]

Two things wrong with this:

  1. It says my hard disk is Thin Provisioned (which it is not).
  2. It says that the disk size should be larger than its original capacity.

To reproduce

  1. Follow the README
  2. Got the screenshot while registering

Expected behavior

I would expect the disk to have the proper size.

cablej commented 1 year ago

Hi, can you share the output of “ls -la” in the VM directory and the contents of the vmdk file?

hanselsen commented 1 year ago

Sorry for not letting you know sooner. I concluded that I have been the victim of the second wave of attack. https://www.bleepingcomputer.com/news/security/new-esxiargs-ransomware-version-prevents-vmware-esxi-recovery/ We did not even try to recover from this, so we rebuilt all the VMs.