Thousands of computers struck by cyberattack in Italy, France, and others

Several thousand computer systems around the world have been exposed to a ransomware attack. As per cybersecurity agencies in France and Italy, the two countries along with Canada and the US are among the worst affected. The affected systems were exposed to an attack in the VMware ESXi servers. This news comes on the heels of a similar cyberattack on a UK derivatives trading operator ION reported on January 31. 

As per reports, the attack targets the vulnerability of some VMware ESXi hypervisor. Bare metal hypervisors like VMware ESXi are virtualisation software that directly runs on the host machine hardware. This lets companies host virtual machines and run multiple operating systems on a single server. 

Notably, the vulnerability being targeted is two years old. “[It] should have been patched by now, but evidently many servers are still not protected,” Stefano Zanero, professor of cybersecurity at Italy’s Politecnico di Milano, said in an interview, as reported by Bloomberg. France’s Computer Emergency Response Team said that applying patches will not be enough now because hackers may have taken advantage and added malicious code. 

To be sure, on January 31, financial technology firm ION suffered a cyberattack, for which the LockBit ransomware gang claimed responsibility. As per a Reuters report, the attack impacted 42 customers of ION, which may have included Italy’s biggest bank — Intesa Sanpaolo. The gang had threatened to publish all the available data. However, later Bloomberg reported on February 3 that the ransom amount was paid to the group which in turn provided a decryption key to unlock the compromised systems. The total amount paid was not revealed. 

Ransomware group LockBit reportedly has ties to Russia. Its malware was even used in the cyberattack in January 2023 against the UK Royal Mail which paralysed the delivery of international posts. The gang has hacked 1,000 victims since it began operations in January 2020. As per the US Justice Department, it has extorted $100 million in ransom to date. LockBit’s connection with the recent attack on Italy, France, and others has not been established.