Dark image of a hacker conducting a cyberattack

Italy warns of global ransomware attack

Image credit: Dreamstime

Thousands of computer servers have been targeted by a global ransomware hacking attack targeting VMware ESXi servers, Italy's National Cybersecurity Agency (ACN) has warned.

Italy's cyber-security agency has warned organisations to take action to protect their systems in the face of a large-scale ransomware attack. 

The hacking attack sought to exploit a software vulnerability in VMware ESXi servers, ACN director-general Roberto Baldoni told Reuters. 

Italy's ANSA news agency, citing the ACN, reported that servers had been compromised in other European countries such as France and Finland, as well as in the US and Canada.

In Italy, dozens of organisations were said to be affected, with millions of users being left without internet access and disruptions observed in ATMs. Corriere della Sera, an Italian national newspaper, reported that the attackers demanded 2 Bitcoin - roughly €42,000 (£37,500).

In response to the news, a spokesperson for VMware said the software firm is aware of the report and that it issued patches in February 2021 when it discovered the vulnerability that is now being exploited. The company urged customers to apply the patch, if they have not already done so.

In addition, US cyber-security officials said they were assessing the impact of the reported incidents.

"CISA is working with our public and private sector partners to assess the impacts of these reported incidents and providing assistance where needed," said a spokesperson for the US Cybersecurity and Infrastructure Security Agency. 

Ransomware attackers are those that exploit gaps in organisations’ security to install their own software and encrypt files so they are unusable.

These types of attacks are a persistent threat to organisations around the world and their occurrence has skyrocketed since the pandemic. The UK’s NHS; Apple in the US, and even the Albanian government have all suffered severe cyber attacks that have disrupted their services and put their users’ personal information at risk.

Commenting on the issue, Greg Day, SVP and global field CISO at Cybereason, said: "These issues are due in part to the increasingly dynamic changes we see in IT infrastructures. Understanding what you have, what state it's in, has never been tougher as the scale of IT continues to grow and the scope becomes ever more dynamic as we move more to agile IT worlds."

Javvad Malik, lead security awareness advocate at KnowBe4, added: "Exploiting unpatched software is a common and among the favoured techniques used by criminals to breach organisations. This can be particularly damaging when vulnerabilities exist in popular software which is accessible from the internet.

"It's why it's important for organisations to have a good patching policy in place that can identify critical systems which need patching in a timely manner."

In November 2022, the Australian Signals Directorate’s annual cyber-threat report warned that cyber attacks from criminals and state-sponsored groups had significantly increased in the past financial year, turning the cyber space into “the domain of warfare”.

In May last year, the European Union agreed on tougher cyber-security rules for essential sectors, with companies required to assess their risks, notify authorities and take measures to deal with the risks or face fines of up to 2 per cent of global turnover. 

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles