Threat Alert: Ransomware Targeting VMware ESXi Servers

Advanced Computer Technologies' Threat Alert: Ransomware Targeting VMware ESXi Servers



VMware ESXi Servers are the target of a recent ransomware campaign. This global threat, dubbed “ESXiArgs,” appear to be targeting unpatched and unprotected instances of VMware ESXi.

Who is Affected / Which CVEs are Involved?

The primary impact is to organizations that are running unpatched versions of ESXi, where attackers also have direct access to ESXi management interfaces.

It is very likely that attackers are using any vulnerability accessible to them, but the media has speculated about the involvement of these specific CVEs:

  • CVE-2022-31699
  • CVE-2021-21995
  • CVE-2021-21974
  • CVE-2020-3992
  • CVE-2019-5544
What do I Need to Do

Organizations that are running versions of software older than current releases are at risk and should be updated to the latest versions immediately. Customer security personnel should make assessments of more nuanced situations; for assistance with security assessments please engage VMware Professional Services.

Additional Questions

For more information on this threat or to learn about how the Advanced Security Team works with clients to mitigate threats like this, don’t hesitate to reach out or schedule a call.


Contact Advanced Computer Technologies

Recent Posts

Cybersecurity Triad

New cyber threats are emerging every day, keeping us on our toes. Let’s talk about some of these threats, including credential stuffing, password spraying, and

Read More »

Security Digest (April 2024)

April 2024 Patch Tuesday – 4/9 Threat Grading Overview Deep Dive: CVE-2024-26234 and Digital Signatures – Who Can We Trust? Vendor Patch Advisories Emerging Threat:

Read More »

Security Digest (March 2024)

March 2024 Patch Tuesday – 3/12 Deep Dive-APT28 and CVE-2023-23397 Vendor Patch Advisories Windows Server 2012 Officially End of Support New Threat Vector-Acoustic Attacks International

Read More »