The ESXi ‘[enc]’ Ransomware Recovery and Decryption
In our recovery lab today at Lockbit Decryptor, we isolated an ESXi-targeting ransomware strain, identified by the [enc] extension and auxiliary [iv] and [salt] files. Our forensic analysis confirms this is a sophisticated, enterprise-targeting operation. This strain employs a robust hybrid cryptosystem. Critically, our analysis indicates that this variant correctly implements the cryptographic primitives, and…