Cybersecurity Agency: “Massive ransomware attack underway”
A “massive attack via an already circulating ransomware” was revealed by the Computer security incident response team Italy of the National Cybersecurity Agency. Acn technicians they have already surveyed “several dozen national systems likely to be compromised and alerted numerous subjects whose systems are exposed but not yet compromised”. However, it is explained, “there are still some exposed systems, not compromised, of which it has not been possible to trace the owner. These are called upon to update their systems immediately.”
The attack targeted VMware ESXi servers. The vulnerability exploited by the attackers has already been patched in the past by the vendor, but, evidence Acn“not everyone using the currently affected systems has fixed it” and the targeted servers, if lacking the proper fixes, “can open the doors to hackers busy exploiting it in these hours after the strong growth of attacks recorded over the weekend”. The first to notice the attack were the French, probably due to the large number of infections recorded on the systems of some providers in that country. Subsequently, the wave of attacks moved to other countries including Italy. Right now there are a few thousand compromised servers around the world, from European countries like France – most affected country – Finland and Italy, up to North America, Canada and the United States. In Italy there are dozens of realities that have encountered malicious activity against them but – according to analysts – they are destined to increase. The exploitation of the vulnerability, the Agency explains, “allows in a subsequent phase to carry out ransomware attacks that encrypt the affected systems making them unusable until a ransom is paid for the decryption key”.
Subscribe to the newsletter