Italy has been hit by a massive ransomware attack targeting thousands of computer servers globally, according to Italy’s National Cybersecurity Agency (ACN). The attack aimed to exploit a software vulnerability and has affected servers in other European countries such as France and Finland, as well as the United States and Canada.
The ACN has warned organizations to take action to protect their systems, and dozens of Italian organizations have likely been affected.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that it is working with public and private sector partners to assess the impact of the reported incidents and is providing assistance where needed. However, the Italian government has said that the attack was probably the handiwork of criminal hackers and not a state or state-like entity.
The hack targeted servers running VMware’s ESXi software, a kind of hypervisor that runs virtual computers. VMware released an update in 2021 to fix the issue and urged its customers to patch their systems. The attack has affected thousands of servers globally, with the majority of the affected servers in France, followed by the United States and Germany.
According to cybersecurity consultant Daniel Card, many organizations have recovered their virtual machines without having to restore from a backup. In addition, although the attack appears to be targeting victims mainly in Western countries, it does not seem to be highly sophisticated.
Card added: “It’s somewhat effective but has had a mixed impact. A number of organizations have recovered their virtual machines without having to restore from a backup.”
U.S. cybersecurity experts have taken note of the Italian attack and other recent attacks worldwide, warning governments and corporate organizations to take action to protect their systems. While the Italian government believes that the attack was the handiwork of criminal hackers and not a state or state-like entity, American experts warn that rogue regimes like North Korea are likely involved in terroristic hacking activities.
North Korea has specifically been involved in cryptocurrency thefts totaling billions of dollars in the past couple of years. In addition, the country is now believed to be involved in widespread credential harvesting activity designed to compromise the overall security of massive information systems.