Follow
Great research for Microsoft here - Black Basta and Akira ransomware deployment using a logic flaw in VMware ESXi, using a zero day (which they don't mention).
If you get domain admin in Windows, you can make an Active Directory group called "ESX Admins", and then you can log into ESXi - this allows you to encrypt non-Windows systems (and everything else in VMware)