France, Canada, Finland, and Italy have collectively released a warning against a ransomware attack that is targeting VMware servers through a vulnerability. And if facts are considered, the issue seems to be a two-year-old susceptibility that was fixed already. However, thousands of systems are still vulnerable to attacks, says the National Cybersecurity Agency (ACN) of Italy.
Roberto Baldoni, the Director of ACN, spilled some details that were found by his team in a recent study and claimed that the attack can give easy access to hackers to drop a file encrypting malware.
VMware has issued a statement on this note saying that it has issued a fix to the flaw in Feb 2021 and all its customers were expected to apply the patch by early last year- that did not take place in real.
US CERT is busy in assessing the impact of the reported incidents on its nation’s IT infrastructure as most American companies use the VMware ESXi Hypervisors to 1000s of virtual machines & operating systems on single physical servers.
Unconfirmed sources state that threat actors exploited two companies by exploiting the known flaw to the core. However, ACN and CERT are yet to find evidence for confirmation.
LockBit ransomware group is suspected to be targeting VMware servers and history speaks that the said threat gang demand a ransom ranging between $60 to $100m to decrypt the servers.
NOTE- This ransomware group first steals data and then encrypts a database until a ransom is paid. And if the victim disagrees to pay the ransom, the criminals release the siphoned data in a pattern of installments- one to claim their hack and two to put pressurize the victim in paying the demanded sum. They also sell a portion of data, if it is valued high.