Our developer network has had DHCP starvation attack for the last week or so, it is much like the behaviour in this doc - https://www.greycampus.com/opencampus/ethical-hacking/dhcp-poisoning
The solution seems to be DHCP snooping config in switches, I am working on that so far without success. There is no suggestion that I can track down the malware and clean it up, is that too hard to do? Also can my Cisco ASA firewall have a part, like dropping DHCP packets from unknown sources?
You should be able to trace the source MAC/IP of the rogue system causing the issue, the mitigation option listed in the article should work once you getting working with your hardware.