New ransomware poses trans-Atlantic cyber threat

French and Italian cybersecurity agencies have warned of a new ransomware scheme targeting thousands of computer networks in their countries, as well as the United States and Canada, using a two-year-old vulnerability in a widely used virtual machine package.

The National Cybersecurity Agency of Italy warned of a “massive” potential threat from attacks exploiting vulnerabilities in VMware ESXi, software used to deploy virtual machines. VMware issued patches in early 2021.


Because VMware ESXi is a popular product, organizations should be “very concerned” about this new ransomware attack, said Harmandeep Singh, director at Cyphere, a cybersecurity services provider. Organizations running VMware ESXi should patch the software immediately if they have not already done so, he advised.

“This attack has the potential to cause significant damage,” he added. “It has already been used to target computer systems in multiple countries and, if left unchecked, could lead to the loss of data and financial resources. Additionally, it could allow malicious actors to gain access to confidential information and potentially cause disruption to critical systems.”

There’s a risk beyond ransomware with this new attack, added Chris Jacob, global vice president of the Threat Intelligence Engineers group at ThreatQuotient. The vulnerabilities could be used to gain access to computer systems and look around, he said.

“Ransomware is a quick indicator that you have been attacked, and hopefully, this will serve as a call to action,” Jacob told the Washington Examiner. “However, you have to wonder how many more advanced adversaries are using this as an attack vector for a more long-term reconnaissance play.”

The warnings of the attacks seem to indicate that many ESXi servers are still running the vulnerable service found more than two years ago, he added: “How many attackers over those two years have gained access and haven’t exposed themselves over the last two years?”

The two cybersecurity agencies didn’t name a suspect…
