Cyber ​​attack against Italy: ANC uses serious tones, but experts downplay the incident

Since yesterday, a cyber attack has been underway against several Italian companies and organizations. The attackers also targeted some other countries and the National Cybersecurity Agency (ACN) immediately used very serious tones to describe the extent of the incident, speaking of a “massive attack”.

It is a ransomware attack , in which cybercriminals lock down a computer system using encryption and demand a ransom to make it accessible again. The hackers behind this attack demanded a payment of 2 BTC from the victims , or about 42 thousand euros, and the criminals were given three days to pay.

The attack affected the servers of VMWare ESXi , a popular server virtualization service. Initial reports indicate that the attack exploited a two-year-old known weakness for which VMWare had released a patch.

ACN has alerted several subjects exposed to the threat (and not yet affected), but at present we do not yet know the extent of the incident and, in other words, it is difficult to quantify exactly the number of Italian servers already affected. Some IT security experts have called for a less alarmist attitude than that of the ANC, downsizing the real gravity of the threat. After all, only companies that have not downloaded any security patches in the past two years would be exposed.

Technically, the previously mentioned VMware platform was involved, used by systems engineers, also to manage internet services. The companies concerned, a few thousand in the world, used systems that were not updated and exposed, i.e. vulnerable to problems that had been known for a couple of years

explained the university professor Stefano Zenero. The Cybersecurity Agency has recommended that those using VMWare ESXi update their systems immediately.