By Giuseppe Fonte and James Pearson
ROME/LONDON – Global ransomware activity that targeted thousands of computer servers in Italy and other countries was probably the handiwork of criminal hackers and not a state or state-like entity, the Italian government said on Monday.
Italy’s National Cybersecurity Agency (ACN) said on Sunday that hackers had targeted thousands of computer servers around the world running on VMware “ESXi” software.
“No evidence has emerged pointing to aggression by a state or hostile state-like entity”, an Italian government statement said, adding that no major Italian institution or company operating in critical national security sectors had been affected.
The hack was identified on Feb. 3 and reached its peak on Sunday, said the statement, which added that the hackers were taking advantage of a software exploit first identified two years earlier, in February 2021.
“Some of the recipients of that advice took the warning into due consideration, others did not and unfortunately are now paying the consequences,” the statement added.
VMware’s “ESXi” is a kind of hypervisor – software which runs virtual computers. Those virtual systems are sold by some internet hosting companies as low-cost alternatives to running real, physical servers.
A VMware spokesperson said it released an update in 2021 which fixed the issue and urged its customers to patch their systems.
The attack has hit thousands of servers globally, according to data compiled by U.S.-based cybersecurity firm, Censys, with the majority of affected servers in France, followed by the United States and Germany.
“It’s somewhat effective but has had a mixed impact. A number of organisations have recovered their virtual machines without having to restore from a backup,” said Daniel Card, a cybersecurity consultant based in Britain.
“It appears to be targeting victims mainly in Western countries, but does not look highly sophisticated,” Card added.