Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
ID: a16bb1cc-dd6f-54ad-964d-462645180b8a
STIX ID: report--a16bb1cc-dd6f-54ad-964d-462645180b8a
Feed Name: The Hacker News
Security researchers report a recurring pattern of ransomware attacks against VMware ESXi and virtualization environments. Attackers gain initial access (phishing, malicious downloads, vulnerability exploitation), escalate privileges to obtain ESXi/vCenter credentials, deploy ransomware, delete or encrypt backups, exfiltrate data to public or attacker-controlled hosts, and spread to non-virtualized hosts. Recent activity includes malvertising and trojanized WinSCP/PuTTY installers delivering Sliver and Cobalt Strike, and multiple ransomware families (LockBit, BlackCat, MorLock, etc.) are active.
