The Italian National Agency for Cybersecurity (l'Agenzia per la Cybersicurezza Nazionale, ACN) has warned that a massive ongoing malware attack affects thousands of servers around the world, noting that this attack takes advantage of a known security vulnerability and has had a security patch since 2021.

The Italian newspaper "Al-Messagero" indicated that viruses called "ransom" were used in the electronic attack on thousands of servers in the world, which is malicious software capable of infecting a computer system, in this case the server, to encrypt and block it, and demand a financial ransom in exchange for its recovery.

Dozens of Italian organizations have been affected and many others have been warned to take appropriate measures to protect themselves.

The ESA said servers were hacked in other European countries such as France and Finland, as well as in the United States and Canada, and dozens of Italian organizations were likely affected by the attack. Telecom Italia customers reported internet problems earlier Sunday, but this is not believed to be linked to the attack reported by the agency.

The Italian agency ANSA indicated that the Italian Computer Security Incident Response Team, the body responsible for monitoring incidents and intervening in the event of attacks, discovered that cybercriminals managed to penetrate dozens of systems with ransomware.

The agency has also alerted both public and private institutions that their systems are compromised and therefore vulnerable to attacks.

"Dozens of companies do not even know that they are under a cyberattack, but they must update their systems immediately," warned Roberto Baldoni, General Manager of the Italian company ACN, warning that this cyberattack affects institutions and companies in dozens of countries and urges them to strengthen their cybersecurity.

The agency noted that the target of the cyberattack was servers running unpatched VMware ESXi. ESXi is software that runs on a server. It is a hypervisor, also known as a virtual machine monitor, that creates and runs virtual machines.

A security update fixes the bug, so the servers affected by the cyberattack will be those that did not apply the security patch to that product.

France was the first country to spot this attack, and later it moved to other countries, such as Italy. It is estimated that there are currently thousands of hacked servers around the world, and dozens of companies have already found malicious activity against them.
Source: The Seventh Day website