Italy warns of global ransomware attack

Italian officials report that servers using VMware ESXi were attacked by cyber criminals, exposing a worldwide flaw.

Italy’s National Cybersecurity Agency (ACN) has warned that thousands of computer servers globally were targeted by a ransomware attack on VMware ESXi systems. It comes as dozens of Italian businesses and organisations were affected.

ACN is warning companies to take action to avoid being locked out of their systems. The attack follows the same pattern as last week’s ransomware assault on ION Trading UK, in which VMware servers were the cause of the system weakness which permitted the cyber incident. 

The US, Canada and France have also been affected. Top officials from Italy’s ACN are meeting this afternoon to understand the extent of the situation.

Robert Baldoni, director general at ACN, told Reuters the hacking attack was on a massive scale and sought to exploit a software vulnerability.

“The vulnerability being targeted is two years old and should have been patched by now,” said Stefano Zanero, professor of cybersecurity at Politecnico di Milano. Zanero added that Italy was not the only country to be targeted and that servers around the world remain unprotected.

A VMWare spokesperson said the software company is aware of the problem and that patches were issued in February 2021. However, servers that have not applied the patch are still vulnerable.

The US Cybersecurity and Infrastructure Security Agency are also assessing the incident. “CISA is working with our public and private sector partners to assess the impacts of these reported incidents and providing assistance where needed,” it stated. 

No cybercriminal organisation has claimed responsibility for the attack yet.

LockBit claims payment

The LockBit ransomware group, responsible for last week’s attack on ION Trading UK, said it received ransom from the London-based financial software business. 

LockBit had threatened to publish stolen material from ION Trading if it did not receive payment by February 4.

The Russian-speaking cybercriminals have “made at least $100 million in ransom demands and have extracted tens of millions of dollars in actual ransom payments from their victims,” according to reports from the US Department of Justice.

The National Cyber Security Centre (NSCS) UK offers advice on preventing malware from being delivered and spreading to devices by “filtering to only allow file type you would expect to receive, blocking websites that are known to be malicious, actively inspecting content and using signatures to block known malicious code.”

Related articles:

Avatar photo
Eoghan O'Donnell

Eogan was a freelance reporter for, covering technology news across hardware, innovation and security. Now based in London, he is proudly Irish and fluent in Gaeilge.