Thousands of computer servers have been targeted by a global ransomware cyberattack, Italy’s National Cybersecurity Agency (ACN) said on Sunday as it warned organisations to take action to protect their systems.
Targeting VMware ESXi servers, the hackers sought to exploit a software vulnerability, ACN director general Roberto Baldoni told Reuters, adding the attack was on a massive scale.
A spokesperson for VMware said the software firm is aware of the report and that it issued patches in February 2021 when it discovered the vulnerability that is now being exploited.
The company urged customers to apply the patch, aka the update to fix this security vulnerability, if they have not done so.
Italy’s ANSA news agency, citing the ACN, reported that servers had been compromised in other European countries, such as France and Finland as well as the United States and Canada.
The ANSA added that millions of users were left without Internet and disruptions were observed to ATMs.
Dozens of Italian organisations were likely to have been affected and many more had been warned to take action to avoid being locked out of their systems.
Telecom Italia customers reported internet problems earlier on Sunday, but the two issues were not believed to be related.
US cybersecurity officials said they were assessing the impact of the reported incidents.
“CISA is working with our public and private sector partners to assess the impacts of these reported incidents and providing assistance where needed,” the US Cybersecurity and Infrastructure Security Agency said.
A surge of cyberattacks in the recent years
This vulnerability allows the attackers to remotely encrypt the data, effectively blocking the user from accessing them until a ransom is paid.
Corriere della Sera, an Italian national newspaper, reported that the attackers demanded 2 Bitcoin, roughly the equivalent of €42,000.
These ransomware attacks have boomed since the pandemic with Italy is the most exposed European country, according to the newspaper’s report.
There has been a 78 per cent increase in ransomware attacks between 2020 and 2021 according to a Sophos survey conducted in 31 countries. Not only the number of attacks is up, but the average ransom payments have also increased considerably.
Hackers went as far as targeting hospitals, a critical target for ransomware as they are critical infrastructures with often insufficient cybersecurity protection.
To keep up with those new threats, the EU issued new rules that came into force in 2023. For example, operators of essential services “will have to take appropriate security measures and notify relevant national authorities of serious incidents”.
Meanwhile, cybersecurity experts are pushing people to apply the official guidelines to not pay the ransom and strengthen their cybersecurity defences.