Italy"s National Cybersecurity Agency (ACN) has sent out an alert stating that a ransomware attack has hit thousands of servers worldwide. Reuters (via Nikkei Asia) reports that a software vulnerability was used to hit the servers. Cybernews reports that the exploit was found in VMware software, but a patch to close the exploit was actually issued by the company in 2021.
The report says that while the ransomware incident has compromised a number of Italy"s servers, the same attack also hit servers in other European countries like France and Finland. In addition, it affected servers in the US and Canada, according to the report. A spokesperson for the US Cybersecurity and Infrastructure Security Agency stated that the government is working to find out how much of an impact the attacks have had, and will offer assistance to those companies affected by the attack.
Cybernews reports that the group that"s in charge of this attack are reportedly directing affected users to access an encrypted messaging service in order to pay the ransom.
A follow-up report from Reuters does have a quote from an Italy government spokesperson, stating that it does not believe that this attack was sponsored by an enemy state. It added that so far that this incident has not affected any major companies or businesses that are a part of national security.
Source: Reuters via Nikkei Asia
Update: CISA has now provided a recovery script for the attack.