Nitrogen Ransomware: ESXi malware has a bug!

TLDR

Nitrogen ransomware, derived from leaked Conti 2 builder code, contains a bug in its ESXi malware that encrypts files with the wrong public key, making them irreversibly corrupted. This coding error means even the threat actor cannot decrypt the files, leaving victims without backups unable to recover their data. Proper encryption and decryption processes are outlined, highlighting the critical mistake in the ransomware's implementation.

Nitrogen ransomware was derived from the previously leaked Conti 2 builder code, and is similar to Nitrogen ransomware, but a coding mistake in the ESXi malware causes it to encrypt all the files with the wrong public key, irrevocably corrupting them. This means that even the threat actor is incapable of decrypting them, and that victims that are without viable backups have no ability to recover their ESXi encrypted servers. Paying a ransom will not assist these victims, as the decryption key/ tool will not work.