FlagThis

Akira ransomware has targeted a victim by encrypting the virtual disks (.vmdk files) of an ESXi hypervisor. This attack demonstrates the growing threat of ransomware targeting critical infrastructure elements. To recover the victim’s data, the incident response team used a patched version of vmfs-tools to mount the ESXi datastore, which was partially encrypted. This approach highlights the need for organizations to have comprehensive security measures in place, including regular backups and the ability to recover from attacks targeting critical systems.