A global ransomware attack on VMware ESXi hypervisors is expanding, according to multiple government agencies and researchers, having already infected thousands of targets.
The attack, first flagged late Feb. 3 by the French Computer Emergency Response Team (CERT-FR), has compromised more than 3,200 servers in Canada, France, Finland, Germany, and the US so far, according to tracking from Censys.
The avenue of compromise is an exploit for a 2-year-old remote code execution (RCE) security vulnerability (CVE-2021-21974), which affects the hypervisor’s Open Service Location Protocol (OpenSLP) service.