A “massive attack using an already circulating ransomware” has been detected by the Computer security incident response team Italy of the National Information Security Agency. ACN’s engineers have already surveyed “several dozen possibly compromised national systems and alerted numerous individuals whose systems are exposed but not yet compromised.” However, it explains, “there are still some exposed, uncompromised systems whose owner could not be traced. They are called upon to update their systems immediately.”
The attack targeted VMware ESXi servers. The vulnerability exploited by the attackers has already been corrected in the past by the manufacturer, but, highlights Acn – the National Information Security Agency – “not all those who use the currently affected systems have solved it” and the targeted servers, if will release adequate fixes, “it can open the door to hackers busy exploiting it in these hours after the strong growth of attacks recorded over the weekend”. The first to notice the attack were the French, probably due to the large number of infections registered on the systems of some providers in that country. Subsequently, the wave of bombings moved to other countries, including Italy.
At the moment there are a few thousand compromised servers all over the world, from European countries like France – the most affected country – Finland and Italy, up to North America, Canada and the United States. In Italy there are dozens of realities that have found malicious activity against them but – according to analysts – they are destined to increase.
Leave a Reply