The ransomware gang behind the attack on CD Projekt Red uses a Linux variant that targets the ESXi virtual machine platform for maximum damage. ESXi is one of the most popular enterprise virtual machine platforms. The ransomware uses ESXi’s esxcli command-line management tool to list the running virtual machines on the server and then shut them down. After the virtual machines are shut down, the ransomware begins encrypting .vmdk (virtual hard disk), .vmsd (metadata and snapshot information), and .vmsn (active state of the VM) files.
Source: https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/
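The list-then-shut-down sequence described above leaves a recognizable pattern in command-execution logs. The following detection sketch is an added example, not code from the article or from VMware. It assumes a simple "time host command" record layout, uses constructed sample records, and matches the `esxcli vm process list` and `esxcli vm process kill` subcommands, which are not quoted in the summary above; the window and threshold are arbitrary starting points.

```python
import re
from datetime import datetime, timedelta

# Constructed command-execution records: "<ISO time> <host> <command line>".
# The record layout is an assumption; adapt the regex to your log source.
SAMPLE = """\
2021-07-15T02:10:01 esx01 esxcli vm process list
2021-07-15T02:10:03 esx01 esxcli vm process kill --type=soft --world-id=1001
2021-07-15T02:10:04 esx01 esxcli vm process kill --type=soft --world-id=1002
2021-07-15T02:10:05 esx01 esxcli vm process kill --type=soft --world-id=1003
2021-07-15T09:30:00 esx02 esxcli vm process list
2021-07-15T11:45:00 esx02 esxcli vm process kill --type=soft --world-id=2001
""".splitlines()

REC = re.compile(r"^(\S+)\s+(\S+)\s+(esxcli\s+vm\s+process\s+(list|kill)\b.*)$")

def detect_vm_shutdown_burst(lines, window=timedelta(minutes=5), min_kills=2):
    """Flag hosts where a VM listing is followed by >= min_kills kills in window."""
    last_list = {}  # host -> time of the most recent VM listing
    kills = {}      # host -> kill times seen since that listing
    alerts = {}     # host -> latest alert for that host
    for line in lines:
        m = REC.match(line.strip())
        if not m:
            continue  # unrelated or malformed record
        ts, host, _cmd, verb = m.groups()
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparseable timestamp
        if verb == "list":
            last_list[host], kills[host] = when, []
        elif host in last_list:
            delta = when - last_list[host]
            if timedelta(0) <= delta <= window:
                kills[host].append(when)
                if len(kills[host]) >= min_kills:
                    alerts[host] = {"host": host,
                                    "listed_at": last_list[host].isoformat(),
                                    "kills": len(kills[host])}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_vm_shutdown_burst(SAMPLE):
        print(alert)
```

Planned maintenance that powers off several guests from the command line will match the same pattern, so correlate alerts with change windows before escalating.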