Italy warns of global ransomware attack
Italian officials report that servers using VMware ESXi were attacked by cyber criminals, exposing a worldwide flaw.
Italy’s National Cybersecurity Agency (ACN) has warned that thousands of computer servers globally were targeted by a ransomware attack on VMware ESXi systems. It comes as dozens of Italian businesses and organisations were affected.
ACN is warning companies to take action to avoid being locked out of their systems. The attack follows the same pattern as last week’s ransomware assault on ION Trading UK, in which a weakness in VMware servers permitted the cyber incident.
The US, Canada and France have also been affected. Top officials from Italy’s ACN are meeting this afternoon to understand the extent of the situation.
Roberto Baldoni, director general at ACN, told Reuters the hacking attack was on a massive scale and sought to exploit a software vulnerability.
“The vulnerability being targeted is two years old and should have been patched by now,” said Stefano Zanero, professor of cybersecurity at Politecnico di Milano. Zanero added that Italy was not the only country to be targeted and that servers around the world remain unprotected.
A VMware spokesperson said the software company is aware of the problem and that patches were issued in February 2021. However, servers that have not applied the patch are still vulnerable.
The US Cybersecurity and Infrastructure Security Agency is also assessing the incident. “CISA is working with our public and private sector partners to assess the impacts of these reported incidents and providing assistance where needed,” it stated.
No cybercriminal organisation has claimed responsibility for the attack yet.
LockBit claims payment
The LockBit ransomware group, responsible for last week’s attack on ION Trading UK, said it received ransom from the London-based financial software business.
LockBit had threatened to publish stolen material from ION Trading if it did not receive payment by February 4.
The Russian-speaking cybercriminals have “made at least $100 million in ransom demands and have extracted tens of millions of dollars in actual ransom payments from their victims,” according to reports from the US Department of Justice.
The UK’s National Cyber Security Centre (NCSC) offers advice on preventing malware from being delivered and spreading to devices by “filtering to only allow file types you would expect to receive, blocking websites that are known to be malicious, actively inspecting content and using signatures to block known malicious code.”