This occurred only a few days after a UK derivatives trading business suffered a similar breach.
Just days after a United Kingdom derivatives trading operator had a similar assault, the Italian government reported thousands of compromised computer systems owing to a ransomware attack on VMware ESXi servers.
Ransomware Attack
A ransomware assault that targeted VMware servers was reported to have affected thousands of computer servers by Italy’s National Cybersecurity Agency (ACN). Italy, France, Finland, Canada, and the United States were among the nations impacted.
According to a report by Bloomberg, the agency will meet with senior officials on Monday to discuss the incident and what might be done to prevent a repeat of it. Then, Italian authorities issued a warning to businesses, informing them that they should take precautions to safeguard their systems as a result of this situation.
Stefano Zanero, professor of cybersecurity at Politecnico di Milano, explained that this vulnerability has been exploited for the past two years.
According to ACN, this has been resolved in the past. However, authorities discovered that the server had not yet been fully repaired, leading to the attacker gaining access to it.
Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency said it was assessing the impact of the reported incident. CISA is currently working with public and private agencies to assess this issue and provide the necessary assistance to prevent similar situations from occurring in the future. Politico reported that France was the first country to spot the attack. The country’s cybersecurity agency, ANSSI, issued an alert on Friday warning organizations to patch the vulnerability.
Response from VMware
A VMware spokesperson said the company is aware of these incidents and has already issued patches for the vulnerabilities that have been in place for two years. The South China Morning Post reported that customers running his ESXi version are affected by CVE-2021-21975, and those who have not yet applied the patch, should apply it as soon as possible.
VMware explained that patching is security hygiene and key to preventing future potential attacks.
Recent attacks in England
A ransomware attack is a type of malware that locks files after hackers demand payment to provide encryption keys. Just last week, Rockbit attacked his ION Trading United Kingdom for overturning derivatives trading.
ION declined to comment on whether the ransom was paid, but LockBit said it received the ransom and unlocked those files immediately. According to the US Department of Justice, Lockbit has been active since January 2020 and demands a total ransom of $100 million.
