Authorities warn of mass ransomware attacks

An unknown hacker group is currently running a coordinated ransomware campaign against companies that have still not armed themselves against a two-year-old software vulnerability. The Italian and French cyber authorities are therefore once again urging companies to update their systems to protect themselves against the attacks.

The companies affected use software from VMware to set up virtual machines on their servers. The attackers seem to have found a way to distribute, over the Internet and without much effort, malicious software that encrypts the data on these virtual machines. According to the IT security search engine Onyphe, more than 2,100 Internet accesses have been compromised in this way in the past few days. According to the search engine Shodan, most of the attacked companies are in Canada, the USA, France and Germany.

The criminals were well prepared

The criminals seem to have prepared their campaign well, otherwise the speed with which companies are currently being encrypted is difficult to explain. The French IT defenders therefore warn that even if companies update the relevant software now, they should not feel too safe: the hackers could already be in the system.

The Federal Office for Information Security (BSI) speaks of a “mid three-digit number” of companies affected by the attack in Germany. More detailed information on the extent of the damage is not yet available. However, the authority is in close contact with international partner authorities and will provide information on its website as soon as there are updates on damage or protection options.

Derivatives trading paralyzed

Ransomware attackers who encrypt networks and demand ransoms from their victims for the release of the data have repeatedly made headlines in recent years. The most devastating is currently a piece of software called Lockbit. In the past week, the company Ion Trading UK was paralyzed with Lockbit. With its software, the British company is responsible for a large part of international derivatives trading. Banks and stock exchanges were forced to process their derivatives trading manually due to the company’s failure.

The term ransomware stands for malware that encrypts data on compromised computers and demands a ransom for decryption. To do this, the criminals work together in networks: some take care of hacking into computers and encrypting the data, others handle the possible ransom payments. However, it is not certain whether the data will actually be recovered. The software is often programmed sloppily, so that the recovery of the encrypted data does not work or does not work consistently. Authorities recommend not paying a ransom because doing so will only give the business model a boost. However, many companies do not adhere to this because the effort may be less for them or they do not have a good backup of the data.
