(Bloomberg) — Thousands of computer systems worldwide were exposed to a ransomware attack targeting specific types of systems, days after a UK derivatives trading operator was subject to a similar hack.
Most Read from Bloomberg
According to cybersecurity agencies in France and Italy, their countries, as well as Canada and the US, were among those affected. Officials in Italy will meet Monday to assess the situation.
The hack exploits a vulnerability for which a patch has been available for two years. France’s Computer Emergency Response Team said applying patches now won’t be enough because hackers may have taken advantage and “dropped malicious code.”
Ransomware is a type of malware that locks up a victim’s files, and the hackers demand payment to provide an encryption key. LockBit, the gang behind last week’s attack on ION Trading UK that upended derivatives trading, said it received a ransom and unlocked those files. ION has declined to comment on whether a ransom was paid.
It’s not clear whether any group has claimed responsibility for the latest attack. LockBit has been active since at least January 2020 and has extorted at least $100 million in ransom demands, according to the US Justice Department.
According to public reports, the latest attacks seem to target a specific vulnerability of some VMware ESXi hypervisors. These let companies host virtual machines and run multiple operating systems on a single server.
“The vulnerability being targeted is two years old and should have been patched by now, but evidently many servers are still not protected,” Stefano Zanero, professor of cybersecurity at Italy’s Politecnico di Milano, said in an interview.
Following last week’s ransomware attack on ION Trading, the company issued a statement saying the cause of the issue was a cyber incident involving VMware servers.
–With assistance from Andrew Martin and Ian Fisher.
Most Read from Bloomberg Businessweek
©2023 Bloomberg L.P.