(Bloomberg) -- Thousands of computer systems worldwide were exposed to a ransomware attack in VMware ESXi servers, according to Italy's national cybersecurity agency, days after a UK derivatives trading operator was subject to a similar hack.
Most Read from Bloomberg
China Moves From Contrite to Confrontational Over US Balloon
US Downs Chinese Balloon, Prompting Protests from Beijing
Trump Offers $1 Million Bond to Appeal Clinton Suit Sanctions
What You Need to Know About the Alleged Chinese Spy Balloon Shot Down by the US
From China to Big Sky: The Balloon That Unnerved the White House
The Italian government said the cybersecurity agency, or ACN, will meet with top officials Monday morning to assess the situation. Countries affected also include France, Canada and the US, the agency said.
"The vulnerability being targeted is two years old and should have been patched by now, but evidently many servers are still not protected," Stefano Zanero, full professor of cybersecurity at Italy's Politecnico di Milano, said in an interview. Italy wasn't specifically targeted, Zanero added.
ION's Woes Far From Over Even If It Paid Ransom, Experts Say
Ransomware is a type of malware that locks up a victim's files, and the hackers demand payment to provide an encryption key. LockBit, the gang behind last week's attack on ION Trading UK that upended derivatives trading, said it received a ransom and unlocked those files. ION has declined to comment on whether a ransom was paid.
It's not clear whether any group has claimed responsibility for the latest attack. LockBit has been active since at least January 2020 and has extorted at least $100 million in ransom demands, according to the US Justice Department.
According to public reports, a ransomware variant dubbed ESXiArgs appears to be leveraging CVE-2021-21974, a two-year-old vulnerability for which patches were made available in VMware's security advisory of Feb. 23, 2021, according to a VMware spokesperson.
"Security hygiene is a key component of preventing ransomware attacks, and customers who are running versions of ESXi impacted by CVE-2021-21974, and have not yet applied the patch, should take action as directed in the advisory," the VMware official said.
Following last week's ransomware attack on ION Trading, the company issued a statement saying the cause of the issue was a cyber incident involving VMware servers.
--With assistance from Andrew Martin and Ian Fisher.
Most Read from Bloomberg Businessweek
ChatGPT Gets an MBA
A Billionaire's Son Battles a Turbulent WWE Over the Future of Pro Wrestling
When Hackers Hobbled Ireland's Hospitals, They Took Themselves Down, Too
A Portuguese Manufacturer Aims to Unseat Asia in $5,000 Bikes
Drugstore Chains Are Anti-Abortion Groups' Latest Target
©2023 Bloomberg L.P.
