Nitrogen ransomware was derived from the previously leaked Conti 2 builder
code, and is similar to Nitrogen ransomware, but a coding mistake in the
ESXi malware causes it to encrypt all the files with the wrong public key,
irrevocably corrupting them. This means that even the threat actor is
incapable of decrypting them, and that victims that are without viable
backups have no ability to recover their ESXi encrypted servers. Paying a
ransom will not assist these victims, as the decryption key/ tool will not
work.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2026/02/nitrogen-ransomware-esxi-malware-has-a-bug/
