According to media reports, thousands of ESXi servers, which are used for the virtualization of IT processes, among other things, were encrypted in a broadly distributed ransomware attack worldwide. The regional focus of the attacks was on France, the USA, Germany and Canada, with other countries also affected.

According to current knowledge, it is assumed that the vulnerability CVE-2021-21974, which was already patched in February 2021, is being exploited as an attack vector. At that time, the BSI had warned against the exploitation of vulnerabilities in the corresponding product. Regarding the current IT security incident, the BSI has now published a cyber security warning with corresponding protective measures.

According to previous findings, there appears to be a mid-three-digit number of affected systems in Germany. It is not yet possible to make any more concrete statements about the extent to which the systems have been affected or the extent of possible damage.

The BSI is analyzing this IT security incident intensively and is in close exchange with its international partners. The BSI will provide information on current findings.


* ESX and ESXi are names of hypervisors from VMware for the virtualization of servers, data centers and computer systems. ESX stands for “Elastic Sky X”, ESXi means “Elastic Sky X integrated”.