More than 2000 companies worldwide have fallen victim to a large-scale ransomware attack. Hundreds of companies are also affected in Germany.
An unknown hacker group is currently running a coordinated ransomware campaign against companies that have still not armed themselves against a two-year-old software vulnerability. The Italian and French cyber authorities are therefore once again urging companies to update their systems to protect themselves against the attacks.
The affected companies use software from VMware to set up virtual machines on their servers. The attackers seem to have found a way to distribute, over the Internet and without much effort, malicious software that encrypts the data on these virtual machines. According to the IT security search engine Onyphe, more than 2,100 Internet accesses have been compromised in this way in the past few days. According to the search engine Shodan, most attacks on companies are in Canada, the USA, France and Germany.
The criminals were well prepared
The criminals seem to have prepared their campaign well; otherwise the speed with which companies' systems are currently being encrypted is difficult to explain. The French IT defenders therefore warn that even if companies update the relevant software now, they should not feel too safe: the hackers could already be in the system.
The Federal Office for Information Security (BSI) speaks of a “mid three-digit number” of companies affected by the attack in Germany. More detailed information on the extent of the damage is not yet available. However, the authority is in close contact with international partner authorities and will provide information via its website as soon as there are updates on damage or protection options.
Derivatives trading paralyzed
Ransomware attackers who encrypt networks and demand ransoms from their victims in order to unlock the data have repeatedly made headlines in recent years. The most devastating is currently a piece of software called Lockbit. Last week Ion Trading UK was paralyzed with Lockbit. With its software, the British company is responsible for a large part of international derivatives trading. Banks and stock exchanges were forced to manually process their derivatives trading due to the company’s failure.
The term ransomware stands for malware that encrypts data on compromised computers and demands a ransom for decryption. To do this, the criminals work together in networks: some take care of hacking into computers and encrypting the data, others handle the possible ransom payments. However, it is not certain whether the data will actually be recovered. Often enough, the software is so poorly programmed that the recovery of the encrypted data does not work or does not work consistently. Authorities recommend not paying a ransom because doing so will only give the business model a boost. However, many companies do not comply, because paying may be less effort for them or because they do not have a good data backup.
(c) Max Muth