The head of Italy’s National Agency for Cyber Security (ACN) speaks of a massive attack. Many servers in European countries, as well as in the United States and Canada, running outdated software are affected.
A wave of ransomware attacks is currently infecting hundreds of servers worldwide. European countries such as France, Italy and Finland, as well as the USA and Canada, are particularly affected.
Italy’s National Agency for Cybersecurity (ACN) issued an urgent warning. The attack should be classified as massive, ACN Director General Roberto Baldoni told the Reuters news agency on Sunday. Organizations should take measures to protect their IT systems.
The French cyber security authority had already warned of these attacks on Friday. The criminals attacked the ESXi server software from the company VMware in order to install encryption software, so-called ransomware, on it. In this type of cybercrime, the attackers then typically attempt to extort a ransom from their victims.
According to the French security agency, the attackers exploit a vulnerability that has been known since February 2021 and for which VMware made a security update available two years ago. The victims of the attacks are therefore servers with outdated software, a common entry point for cyber criminals.
VMware told Reuters that it was aware of the vulnerability in the software. It urges customers to install the February 2021 security update.
Encryption does not work in all cases
The largest European cloud provider, OVHcloud, has also noticed the attacks and speaks of a global wave. The company’s own systems are not affected, it wrote in a blog post on Friday, which has since been updated. At-risk customers were warned, and a specific connection that the attackers exploited was blocked.
It is not yet clear which ransomware gang is behind the wave of attacks, also known as ESXiArgs. In their message to the victims, which the IT platform “BleepingComputer” published, the blackmailers demand a ransom in bitcoins and threaten to inform customers about the data loss and, if necessary, to publish any stolen data.
However, it is not clear whether this threat is genuine. OVHcloud, for example, writes that no data leakage was observed during the attacks. “BleepingComputer” also describes a case in which no data was stolen.
Attacks on the University of Zurich
The University of Zurich reported only on Thursday that attackers had been trying to penetrate its IT systems for days. The university asked all employees and students to change their passwords. It is unclear whether there is a connection with the latest wave of attacks. However, the call to change passwords does not indicate that the attackers are exploiting a technical vulnerability, as in the ESXiArgs attacks.