A global ransomware hacking attack brought Italy’s Internet to its knees yesterday (Sunday 5 February), with attackers exploiting unpatched VMware systems.
The country’s Internet had been restored by last night, but the Italian National Cybersecurity Agency is warning that other countries – including France, Finland, the US and Canada – are likely next in line to be attacked.
VMware comments that it is believed that a ransomware variant dubbed ESXiArgs appears to be leveraging CVE-2021-21974, a two-year-old vulnerability.
Patches for the vulnerability were made available in VMware’s security advisory of 23 February 2021, according to a statement from the company.
“Security hygiene is a key component of preventing ransomware attacks, and customers who are running versions of ESXi impacted by CVE-2021-21974, and have not yet applied the patch, should take action as directed in the advisory,” says a VMware spokesman.
He adds that further guidance for hardening ESXi is available in VMware’s Security Configuration Guide.
“The security of our customers is a top priority at VMware, and we recommend that all customers join our security advisory mailing list and visit our Ransomware Resource Centre for detailed guidance on ransomware prevention, detection, and response.”
Meanwhile, the US Cybersecurity and Infrastructure Security Agency is working with its partners to assess the impacts of the attacks across Italy.