ESXi ransomware is malware that encrypts virtual machines directly on a VMware ESXi hypervisor, taking down every guest server on that host in a single stroke. It has become one of the defining ransomware shifts of the mid-2020s because the hypervisor is the rare high-value target that runs almost no security tooling. Groups including Akira, Qilin, and Black Basta now ship dedicated Linux and ESXi encryptors, and the US Cybersecurity and Infrastructure Security Agency has flagged the trend as an imminent threat to critical infrastructure.
What is ESXi ransomware?
VMware ESXi is a bare-metal hypervisor: it runs directly on a physical server and hosts dozens of virtual machines, each one a separate guest operating system. ESXi ransomware is built specifically to attack that layer. Instead of encrypting one Windows machine at a time, the encryptor runs on the hypervisor, shuts down or kills the running VMs, deletes their snapshots, and encrypts the files every guest depends on: the virtual disks (.vmdk and their snapshot deltas), the VM configuration (.vmx), and the related files in each VM's datastore folder. Encrypt the host once and the whole virtual datacenter goes dark at the same moment.
Why the hypervisor is the perfect target
Three properties make ESXi the highest-leverage target in a modern network.
First, it is agentless. Endpoint detection and response is built for Windows and, increasingly, Linux endpoints. It is not built to run on an ESXi host, and VMware has historically discouraged third-party agents on the hypervisor. That leaves the most consolidated asset in the building as a blind spot, which is exactly where an attacker wants to detonate. The host is not mute, though: it can forward syslog off-box and vCenter records every task it performs, so the blind spot is usually a wiring problem in the SOC rather than a limit of the platform.
Second, the blast radius is enormous. One host can run dozens of production servers. Encrypting the hypervisor takes down domain controllers, databases, file servers, and applications in one action, which is why dwell-to-impact times on these attacks are so short.
Third, the encryptor destroys recovery on the way through. Modern ESXi-focused families, including the Qilin variant, delete VM snapshots before encrypting, removing the fastest local recovery path and pushing the victim toward the ransom. That snapshot deletion is the tell that an operator came specifically for the hypervisor.
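The kill-then-delete-snapshots sequence described above leaves a trace when it is run through the ESXi shell. The following is an added example, not code from this page or from any of the groups it names: a small detector that reads lines in the shape of ESXi's /var/log/shell.log and alerts when one shell session kills several VMs and removes several snapshots inside a short window. The sample log lines are constructed, not taken from an incident; the command names are real ESXi administration commands, while the thresholds, the window and the idea that nothing legitimate runs from /tmp or a datastore path are tuning assumptions.

```python
"""Added example, not from the page: flag the VM-kill and snapshot-removal
burst that ESXi encryptors run before encrypting.  Input lines are constructed
in the shape of ESXi's /var/log/shell.log ('<ts> shell[<pid>]: [<user>]: <cmd>')
and are not from a real incident."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: routine admin work at 01:10, then a burst at 03:00 that
# matches the page's description (kill every guest, drop every snapshot, run
# a binary from a writable location).
SAMPLE_SHELL_LOG = """\
2025-06-01T01:10:03Z shell[2100]: [root]: vim-cmd vmsvc/getallvms
2025-06-01T01:12:40Z shell[2100]: [root]: vim-cmd vmsvc/snapshot.create 5 pre-patch
2025-06-01T03:00:01Z shell[3311]: [root]: esxcli vm process list
2025-06-01T03:00:02Z shell[3311]: [root]: esxcli vm process kill --type=force --world-id=1001
2025-06-01T03:00:02Z shell[3311]: [root]: esxcli vm process kill --type=force --world-id=1002
2025-06-01T03:00:03Z shell[3311]: [root]: esxcli vm process kill --type=force --world-id=1003
2025-06-01T03:00:04Z shell[3311]: [root]: vim-cmd vmsvc/snapshot.removeall 1
2025-06-01T03:00:04Z shell[3311]: [root]: vim-cmd vmsvc/snapshot.removeall 2
2025-06-01T03:00:05Z shell[3311]: [root]: vim-cmd vmsvc/snapshot.removeall 3
2025-06-01T03:00:09Z shell[3311]: [root]: /tmp/encrypt /vmfs/volumes/
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) shell\[(?P<pid>\d+)\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.*)$")

# Real ESXi admin commands for stopping guests and removing snapshots.  Each is
# legitimate on its own; the burst across many VMs is the indicator.
KILL_RE = re.compile(r"\besxcli vm process kill\b|\bvim-cmd vmsvc/power\.off\b")
SNAP_RM_RE = re.compile(r"\bvim-cmd vmsvc/snapshot\.remove(all)?\b")
# Assumption: nothing legitimate is executed from /tmp or from a datastore path.
FOREIGN_BIN_RE = re.compile(r"^(/tmp/|/vmfs/volumes/\S*/)\S+")


def parse_shell_log(text):
    """Parse shell.log lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            row = m.groupdict()
            row["ts"] = datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%SZ")
            rows.append(row)
    return rows


def find_bursts(rows, window=timedelta(minutes=2), min_kills=3, min_snapshot_removals=3):
    """One alert per shell session (pid) whose kill and snapshot-removal
    commands both cross the thresholds inside `window`.  Thresholds are
    tuning assumptions, not documented ransomware behaviour."""
    by_pid = defaultdict(list)
    for r in rows:
        by_pid[r["pid"]].append(r)
    alerts = []
    for pid, events in by_pid.items():
        events.sort(key=lambda r: r["ts"])
        for i, start in enumerate(events):
            in_window = [e for e in events[i:] if e["ts"] - start["ts"] <= window]
            kills = sum(1 for e in in_window if KILL_RE.search(e["cmd"]))
            snaps = sum(1 for e in in_window if SNAP_RM_RE.search(e["cmd"]))
            if kills >= min_kills and snaps >= min_snapshot_removals:
                alerts.append({
                    "pid": pid,
                    "user": start["user"],
                    "start": start["ts"],
                    "kills": kills,
                    "snapshot_removals": snaps,
                    "foreign_binaries": [e["cmd"] for e in in_window if FOREIGN_BIN_RE.match(e["cmd"])],
                })
                break  # one alert per session is enough
    return alerts


if __name__ == "__main__":
    for a in find_bursts(parse_shell_log(SAMPLE_SHELL_LOG)):
        print(f"ALERT pid={a['pid']} user={a['user']} at {a['start']:%H:%M:%S}: "
              f"{a['kills']} VM kills, {a['snapshot_removals']} snapshot removals, "
              f"foreign binaries: {a['foreign_binaries']}")
```

Two caveats for anyone wiring this into a SOC: shell.log only records commands typed into the ESXi shell, so an encryptor that drives the same actions through the hostd API shows up in hostd.log and in vCenter's task history instead, and whoever holds root on the host can clear both logs. Forward ESXi syslog to a collector the hypervisor administrator cannot reach before relying on any host-side detection.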
How attackers reach the hypervisor
The entry rarely starts at ESXi itself. Operators land elsewhere, escalate, and pivot to the hypervisor using valid credentials or a management-plane flaw. The most consequential vulnerability of this wave is CVE-2024-37085, an authentication bypass in ESXi's Active Directory integration. A domain-joined host grants full administrative rights to every member of a domain group named ESX Admins by default, and it does not check that the group existed when the host was joined or that anyone legitimately created it. An attacker with enough AD privilege to create a group, or to rename an existing group to that name, adds an account they control and logs in to the host as an administrator; Microsoft also noted that pointing the host at a different admin group does not immediately revoke rights already granted to ESX Admins members. Microsoft observed the technique used to deploy Akira and Black Basta, among others, and to seize hypervisors outright. Because so much of the kill chain runs through Active Directory, hardening that layer matters as much as patching ESXi itself. See our guide to Active Directory hardening.
Initial access feeding these intrusions has come through edge devices and backup systems: SonicWall, Cisco ASA, and Veeam Backup & Replication flaws have all been chained into hypervisor attacks. Once inside, the operators follow the same path documented in our ransomware incident-response runbook: harvest credentials, move laterally, find the vCenter or ESXi management interface, and deploy.
Who is doing it
Akira is the standout. The FBI and CISA put its proceeds above 244 million dollars by late September 2025, and in a June 2025 incident Akira encrypted Nutanix AHV virtual-disk files for the first time, a sign the playbook is generalising beyond VMware to any hypervisor worth hitting. Qilin ships one of the most customisable Linux and ESXi encryptors seen to date, purpose-built to encrypt virtual machines and delete their snapshots. Black Basta was among the earliest to weaponise CVE-2024-37085. The broader catalogue lives on our threat-groups index.
What it costs
The clearest measure of the shift is Microsoft’s own incident-response data, which shows engagements involving ESXi hypervisors more than doubling over a three-year window. The reason is leverage: a single successful hypervisor encryption can halt an entire business, which raises the realistic ransom and lowers the attacker’s effort per victim. When recovery means rebuilding every virtual machine from off-host backups, downtime stretches into weeks, and downtime is where the real cost of ransomware lives.
How to defend ESXi
Defence is concrete, even without an agent on the host. Patch the management plane first and treat CVE-2024-37085 as urgent if you run AD-joined ESXi: the fix shipped in ESXi 8.0 Update 3, and hosts that cannot take it should stop trusting the default group name by pointing the advanced setting Config.HostAgent.plugins.hostsvc.esxAdminsGroup at a group you control and setting Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd to false. Enable lockdown mode and take the ESXi and vCenter management interfaces off any network a normal user can reach, ideally onto a dedicated, MFA-gated management VLAN. Remove or tightly scope the ESX Admins AD group and alert on its creation, on any group being renamed to that name, and on members being added to it; the creation alone is an attack indicator. Disable SSH and the ESXi shell unless actively in use, and set VMkernel.Boot.execInstalledOnly so the host refuses to run binaries that were not installed as signed packages, pairing it with UEFI Secure Boot and a TPM so the setting is enforced rather than merely configured. Forward ESXi syslog to a collector the hypervisor administrator cannot wipe. Most important, keep immutable, off-host backups of your VMs, because on-host snapshots are the first thing these encryptors destroy. Test the restore, not just the backup.
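The monitoring point above, and the group-creation mechanism described under how attackers reach the hypervisor, as an added example that is not the page's or Microsoft's code: it scans domain-controller Security events for creation of the group ESXi trusts, a rename of another group to that name, or members being added to it. The event IDs are the standard Windows Security ones (4727/4731/4754 for security-group creation, 4728/4732/4756 for member additions, 4781 for an account or group rename); the records are constructed in a flattened EventData shape rather than real exports; the case and whitespace normalisation is a detection choice, not documented ESXi matching behaviour; and group_name should be whatever Config.HostAgent.plugins.hostsvc.esxAdminsGroup is set to on your hosts.

```python
"""Added example, not from the page or from Microsoft: alert on the Active
Directory changes that hand out ESXi admin rights via the default 'ESX Admins'
group.  Records are constructed in a flattened EventData shape; real events
come from domain-controller Security logs."""
import re

# Default group ESXi trusts on an AD-joined host.  If the advanced setting
# Config.HostAgent.plugins.hostsvc.esxAdminsGroup was changed, pass that name.
DEFAULT_GROUP = "ESX Admins"

GROUP_CREATED = {4727, 4731, 4754}    # security-enabled global / local / universal group created
MEMBER_ADDED = {4728, 4732, 4756}     # member added to global / local / universal group
ACCOUNT_RENAMED = {4781}              # name of an account (including a group) changed

# Constructed sample events (not from a real domain).
SAMPLE_EVENTS = [
    {"EventID": 4727, "SubjectUserName": "svc_backup", "TargetUserName": "ESX Admins"},
    {"EventID": 4728, "SubjectUserName": "svc_backup", "TargetUserName": "ESX Admins",
     "MemberName": "CN=svc_backup,OU=Service,DC=corp,DC=local"},
    {"EventID": 4781, "SubjectUserName": "jdoe", "OldTargetUserName": "Helpdesk",
     "NewTargetUserName": "esx admins"},
    {"EventID": 4727, "SubjectUserName": "adminops", "TargetUserName": "Finance-Analysts"},
    {"EventID": 4728, "SubjectUserName": "adminops", "TargetUserName": "Domain Users",
     "MemberName": "CN=new.hire,OU=Staff,DC=corp,DC=local"},
]


def _norm(name):
    # Detection choice (assumption, not documented ESXi matching rules): fold
    # case and collapse whitespace so 'esx admins' or 'ESX  Admins' is caught.
    return re.sub(r"\s+", " ", (name or "").strip()).lower()


def esx_admins_findings(events, group_name=DEFAULT_GROUP):
    """Return (finding, actor, detail) tuples for every event that creates the
    trusted group, renames another group to its name, or adds a member to it."""
    target = _norm(group_name)
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        actor = ev.get("SubjectUserName", "?")
        if eid in GROUP_CREATED and _norm(ev.get("TargetUserName")) == target:
            findings.append(("group_created", actor, ev["TargetUserName"]))
        elif eid in ACCOUNT_RENAMED and _norm(ev.get("NewTargetUserName")) == target:
            findings.append(("group_renamed_to_target", actor, ev["OldTargetUserName"]))
        elif eid in MEMBER_ADDED and _norm(ev.get("TargetUserName")) == target:
            findings.append(("member_added", actor, ev["MemberName"]))
    return findings


if __name__ == "__main__":
    for kind, actor, detail in esx_admins_findings(SAMPLE_EVENTS):
        print(f"{kind}: by {actor} ({detail})")
```

Because ESXi does not validate the group, the creation event fires before any host shows a login, which is why it is worth paging on rather than ticketing. If you changed the trusted group name as a mitigation, run the same check against the new name and keep the old one as a second watch, since the attacker does not know which name your hosts honour.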
What this means
ESXi ransomware is the logical endpoint of an attacker economy that rewards leverage. Why encrypt a hundred laptops when one hypervisor holds a hundred servers, runs no EDR, and deletes its own snapshots when told to? The defensive answer is not a new product but a posture: treat the hypervisor as crown-jewel infrastructure, isolate and patch its management plane, harden the Active Directory that fronts it, and keep backups somewhere the encryptor cannot reach. The groups have already industrialised this. The defence has to catch up. Track the operators on the Ransomware desk and the live victim feed on Ransomtracker.
FAQ
What is ESXi ransomware?
It is ransomware designed to run on a VMware ESXi hypervisor and encrypt the virtual-disk files of every guest virtual machine at once, rather than encrypting individual operating systems. One successful host encryption can take down a whole virtual datacenter.
Why do attackers target ESXi specifically?
The hypervisor runs almost no endpoint security, hosts many production servers on one machine, and stores the snapshots used for fast recovery. That combination gives attackers maximum impact, minimum detection, and a built-in way to destroy local recovery.
What is CVE-2024-37085?
It is an authentication-bypass vulnerability in ESXi’s Active Directory integration. A domain-joined host grants full administrative control to every member of a domain group named ESX Admins by default, without checking that the group legitimately exists, so an attacker who can create that group, or rename another group to that name, and add an account to it becomes a host administrator. Multiple ransomware groups have exploited it; the fix shipped in ESXi 8.0 Update 3.
Which ransomware groups attack ESXi?
Akira, Qilin, and Black Basta are among the most active, all shipping dedicated Linux and ESXi encryptors. Akira has also begun encrypting Nutanix AHV, indicating the technique is spreading to other hypervisors.
How do I protect ESXi from ransomware?
Patch the management plane (and change the trusted admin-group setting on hosts you cannot patch), enable lockdown mode, isolate vCenter and ESXi management behind MFA, control and monitor the ESX Admins AD group, disable unused SSH and shell access, enable execInstalledOnly with Secure Boot so dropped binaries cannot run, forward host logs off-box, and keep immutable off-host backups that the encryptor cannot delete.
Are on-host snapshots enough for recovery?
No. ESXi-focused encryptors routinely delete VM snapshots before encrypting, so snapshots stored on the same host offer little protection. Recovery depends on immutable backups kept off the hypervisor.
Sources and further reading
- CVE-2024-37085 exploitation: Microsoft Security, July 2024.
- Akira proceeds and Nutanix AHV targeting: CISA advisory AA24-109A, updated November 2025, and the FBI.
- Qilin Linux and ESXi encryptor analysis: BleepingComputer.
- ESXi incident-response trend: Microsoft Incident Response.
- Related on Ransomnews: Ransomware IR runbook, Active Directory hardening, ransomware-resistant backup picks.
