Hackers are targeting a two-year-old VMware server software vulnerability in a ransomware campaign aimed at extorting thousands of companies around the world, Italy’s National Cybersecurity Agency warned on Saturday (Feb. 4). The cybersecurity agency estimated the attack to be in its third-highest threat category.
The cyberattack exploited a known software vulnerability, demanding 2.06 bitcoin ($19,000) in ransom payments from companies in the US, Canada, and across Europe, including Italy, Germany, and France. It’s not yet clear who are the hackers behind the attack that has affected more than 3,200 servers so far, but Italy’s NCA excluded the possibility of a state-like entity.
A spokesperson for VMware said the company patched the issue when it first came to light in 2021 and is urging customers to update to the newest software in order to protect their systems. “Organizations who are running versions of ESXi impacted by [the ransomware], and have not yet applied the patch, should take action as directed in the advisory,” company spokesperson Doreen Ruyak told Techcrunch.
The ransomware attack could not have come at a worse time for the company, as VMware is currently in the process of a major and much-scrutinized acquisition by US chip manufacturer Broadcom.
Antitrust regulators scrutinize Broadcom’s purchase of VMware
Antitrust regulators in the US and Europe are actively investigating Broadcom’s proposed $61 billion purchase of VMware. EU officials specifically cited the deal’s potential to concentrate ownership on both sides of the data storage process, preventing competitors from using industry-standard software.
“We are concerned that after the merger, Broadcom could prevent its hardware rivals to interoperate with VMware’s server virtualization software. This would lead to higher prices, lower quality, and less innovation for customers and consumers,” Margrethe Vestager said in an EU press release.
Representatives for both companies say it wouldn’t make financial sense for Broadcom to limit competitor access to VMware’s software, similar to how IBM keeps its Red Hat software open-source. It is common practice for deals of this size to be scrutinized by competition authorities, and the deal has already been approved by regulators in Germany, France, Brazil, and Canada.
A timeline of VMware’s evolution, from $625 million to $61 billion:
1998: Graduate students at UC Berkeley found the company with Diane Greene at the helm as CEO. The company only has 20 employees during its first year of operation.
1999: VMware’s first product, the VMware Workstation, is launched. It allows users to operate multiple servers on just one personal computer.
2001: The company officially enters the server market, launching the GSX (hosted) and ESX (hostless) servers.
2004: EMC, a major data storage company, acquires VMware outright for $625 million.
2007: EMC takes VMware public, with shares priced at $29.
2008: After a poor financial performance, EMC fires CEO and founder Diane Greene. She is replaced by the head of EMC’s cloud computing unit, Paul Maritz.
2012: Pat Genslinger, former head of strategy at EMC, is appointed the new CEO of VMware.
2016: Dell acquires EMC, bringing their own cloud server unit to the company and making the VMware Workstation redundant. In response, VMware executives announce mass layoffs, including all US-based developers working on the Workstation product.
2017: Glassdoor ranks VMware as the third highest-paying company in the US.
2021: Dell announces that it would sell off its remaining stake in the company, effectively de-merging the two companies. As a consequence of the decision, Genslinger resigns as CEO and is replaced by Raghu Raghuram, a long-time executive at the company.
2022: Broadcom announces it will acquire VMware for $61 billion. Antitrust regulators for the UK and the EU announce investigations into the purchase.
2023: Hackers infiltrate VMware’s servers using the Log4Shell vulnerability, impacting thousands of customers.
? The FTC is preparing a wide-ranging antitrust lawsuit against Amazon
?Activision Blizzard was fined $35 million for neglecting employee complaints
In recent news, hackers are taking advantage of a “critical flaw” in the popular virtualization software, VMware, as part of a ransomware campaign targeting thousands of organizations. According to security researchers, attackers are exploiting a vulnerability known as CVE-2021-21972 in order to gain access to a system and install malicious code.
CVE-2021-21972 is an UNAUTHORIZED Access vulnerability, which is a known flaw that can be taken advantage of by hackers in order to gain remote, unauthorized access to a system. The vulnerability is found in vCenter, the server component of the VMware software and allows attackers to bypass security and gain elevated privileges on the system.
Once inside, hackers will then use ransomware to encrypt the system’s data and threaten to delete it should their demands not be met. Ransomware is a form of malicious software (malware) designed to prevent users from accessing their systems and data and is often used by hackers for financial gain.
Many of the organizations targeted by these hackers are vulnerable to this type of attack due to a lack of security measures. The best way to protect against these attacks is to ensure all systems are up-to-date with the latest security patches and updates, as well as implementing additional security measures such as Multi-Factor Authentication (MFA) or limiting access to specific users.
It is important for all organizations to take the necessary steps to protect their systems from this type of attack. This includes keeping all software and systems up to date with the latest security patches and making sure all users have unique passwords and access levels.
It is also important to be aware of the latest cyber security trends and threats, in order to be able to detect and prevent attacks. By keeping up-to-date with the latest security news and following best practices, businesses can safeguard against falling victim to ransomware and other malicious threats.