Hackers Target Countless Computers After An Ion Attack

More than 2,100 computers around the world got infected over the weekend

Cybercriminals are actively exploiting a two-year-old VMware vulnerability as a part of a global ransomware campaign

Thousands of computers globally exposed to a ransom attack days after the UK financial software firm Ion faced a similar attack. It happened days after the derivatives trading company in the UK was targeted by a cyber attack.

The French Computer Emergency Response Team stated that simply applying patches will not protect the systems. Hackers are brilliant and might have taken advantage and “dropped malicious code.”

According to France’s (CERT-FR), since February 3, hackers have been targeting their attacks on “VMware ESXi” servers. In addition, Italy’s National cybersecurity organization ACN also warned of a massive ransomware attack that targets thousands of servers in North America and Europe.

According to a recent study, “in the current state of investigations, these attack campaigns witnessed advantage of the exposure of ESXi hypervisors. Which are not updated with security patches quickly enough,” stated CERT-FR.

Though, the vulnerabilities give chances for attackers to destroy arbitrary code remotely. According to the Census search, up to now, over 3,200 VMware servers affected by attackers across the world by the ESXiArgs ransomware campaigns.

Hence, France is the country that is deadly affect by the attackers. The U.S., Canada, Germany, and the UK are on the list.

A VMware spokesperson told the news that patches for the vulnerability. “Made available to customers two years ago in VMware’s security advisory of February 23, 2021”.
On the other hand, US cybersecurity officials have also notified that they are investigating the ESXiArgs campaign.

“CISA is working with our public and private sector partners to assess the impacts of these reported incidents and providing assistance where needed,” said a CISA spokesperson.

Though “security hygiene is a key component of preventing ransomware attacks. Organizations running versions of ESXi impacted by CVE-2021 21974, and have not yet applied the patch. Should take action as directed in the advisory,” the spokesperson said.

Moreover, he also added that “any organization experiencing a cybersecurity incident should immediately report it to CISA or the FBI.”
The ransomware campaign is already creating “significant damage” to computers with special codes due to the unpatched machines.

Intelligence and cybersecurity companies are still in search to find out who is behind the ransomware campaign.
Alas, the copy of the alleged document, shared by the threat intelligence provider DarkFeed, reveals that the hackers used a triple-extortion strategy in which they threatened to inform the victims ‘customers of the data breach.

The ransom demand from the unidentified attackers is 2.06 bitcoin, or nearly $19,000, and each note contains a different wallet address.

Read more:

Cybercrime Jobs Are Available On The Dark Web: Pay Up To $20K Per Month

PTA to Implement LFD system to manage SIM frauds and Cybercrime