A major cyber attack targets a security vulnerability that was actually patched in early 2021. However, some IT managers have not done their homework. Companies in Germany are also among the victims.
Companies and public institutions in Germany have also been hit by a large-scale global wave of ransomware attacks. “According to the current state of knowledge, there seems to be a mid-three-digit number of people affected in Germany,” said the Federal Office for Information Security (BSI) in Bonn on Monday in response to a dpa request. More concrete statements about the extent of the damage are not yet possible. The Italian cyber security authority ACN had already warned of the wave of attacks on Sunday and called on organizations to take measures to protect their systems.
The cyber attacks are aimed at users of a virtualization solution from the manufacturer VMware, so-called ESXi servers, which divide a physical server into several virtual machines. According to the BSI, the regional focus of the attacks was on France, the USA, Germany and Canada. Other countries are also affected. In so-called ransomware attacks, the attackers penetrate the systems, take control and lock the victims out. The data is usually encrypted and only made accessible again after a ransom is paid.
According to the BSI, the vulnerability in the VMware software was closed in February 2021 by a software update. At that time, the authority also warned about the exploitation of vulnerabilities in the product.
Rüdiger Trost, Head of Cyber Security Solutions at the IT security company WithSecure, told dpa that around 84,000 servers with the affected software were installed worldwide, and around 7,000 in Germany. However, it was not possible to say which of these were still vulnerable. The expert pointed out that the security gap had been discovered and closed some time ago. “Anyone who is still a victim should check their protective measures.”
What is unusual about the current case is that the attack is directed not against Windows software but against a solution that runs on the Linux operating system. “Many people mistakenly think that Linux ransomware does not exist and do not take appropriate protective measures,” said Trost.