Action Recommended: Widespread Ransomware Attacks Targeting Unpatched VMware ESXi Servers

On Saturday morning, WaterISAC distributed an advisory via email to members regarding widespread reporting that attackers were actively targeting unpatched VMware ESXi servers with a two-year-old remote code execution vulnerability (CVE-2021-21974) to deploy ransomware. If your utility has any unpatched/unprotected VMware ESXi servers online, system administrators are encouraged to address promptly – patch/upgrade, disable exposed ports, isolate, or apply other compensating controls as necessary.