The ESXiArgs ransomware attack is targeting VMware ESXi servers globally

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

A global ransomware attack, known as ESXiArgs, is affecting servers using VMware ESXi hypervisors version 6.x prior to 6.7 due to a vulnerability (CVE-2021-21974) caused by a heap overflow issue in the Open Service Location Protocol (OpenSLP) service along with two additional vulnerabilities. This attack is expected to spread further.