Thousands of computer systems worldwide were exposed to a ransomware attack in VMware ESXi servers, according to Italy’s national cybersecurity agency, days after a UK derivatives trading operator was subject to a similar hack.
(Bloomberg) — Thousands of computer systems worldwide were exposed to a ransomware attack in VMware ESXi servers, according to Italy’s national cybersecurity agency, days after a UK derivatives trading operator was subject to a similar hack.
The Italian government said the cybersecurity agency, or ACN, will meet with top officials Monday morning to assess the situation. Countries affected also include France, Canada and the US, the agency said.
“The vulnerability being targeted is two years old and should have been patched by now, but evidently many servers are still not protected,” Stefano Zanero, full professor of cybersecurity at Italy’s Politecnico di Milano, said in an interview. Italy wasn’t specifically targeted, Zanero added.
ION’s Woes Far From Over Even If It Paid Ransom, Experts Say
Ransomware is a type of malware that locks up a victim’s files, and the hackers demand payment to provide an encryption key. LockBit, the gang behind last week’s attack on ION Trading UK that upended derivatives trading, said it received a ransom and unlocked those files. ION has declined to comment on whether a ransom was paid.
It’s not clear whether any group has claimed responsibility for the latest attack. LockBit has been active since at least January 2020 and has extorted at least $100 million in ransom demands, according to the US Justice Department.
According to public reports, a ransomware variant dubbed ESXiArgs appears to be leveraging CVE-2021-21974, a two-year-old vulnerability for which patches were made available in VMware’s security advisory of Feb. 23, 2021, according to a VMware spokesperson.
“Security hygiene is a key component of preventing ransomware attacks, and customers who are running versions of ESXi impacted by CVE-2021-21974, and have not yet applied the patch, should take action as directed in the advisory,” the VMware official said.
Following last week’s ransomware attack on ION Trading, the company issued a statement saying the cause of the issue was a cyber incident involving VMware servers.
–With assistance from Andrew Martin and Ian Fisher.
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.