In Germany, numerous companies and public institutions have once again been damaged by a broad-based cyber attack. So-called ransomware was used to blackmail the companies. According to current knowledge, the responsible Federal Office for Information Technology (BSI) assumes that the number of damaged companies is in the mid three-digit range.
At present, it is not yet possible to make any valid statements about the extent of the damage caused by the cyberattacks, the BSI told the dpa news agency. Even before the wave of attacks, the Italian counterpart, the cyber security authority ACN, had issued a warning to this effect, pointing companies to the need to protect their systems.
Ransomware extorts ransom from companies
Using a ransomware attack, the cyber attackers extorted ransoms and focused on the virtualization solution from the manufacturer VMware. Its ESXi servers divide servers into different virtual machines. Authorities believe the geographic focus of the attack was in the U.S., Germany, Canada and France. But other countries were also affected, though to a lesser extent.
Ransomware attacks of this kind are used to extort ransom money. The attackers illegally penetrate someone else's system and take control of the servers. The companies then have no access whatsoever to their systems. The data is encrypted by the attackers and offered back to the affected companies in exchange for the payment of a ransom.
The vulnerability in VMware’s software was in fact already fixed last year by an upgrade. At the time, the agency was already warning users about potential vulnerabilities that attackers could use for cyber attacks.
Over 84,000 servers could be affected
Globally, the affected software solutions are installed on around 84,000 servers. 7,000 of them are currently in Germany. However, it is not yet possible to verify which servers are really vulnerable, according to Rüdiger Trost, the responsible head of the “Cyber Security Solutions” department at the IT security company WithSecure.
According to the report, companies that fall victim to a cyber attack should urgently evaluate their own security measures, because the vulnerability has in fact long been identified and comprehensively closed.
The current ransomware attack is different from the majority of known cases. Most cyber attacks are directed against Windows systems, while in this case the cyber criminals chose the Linux operating system. Many Linux users mistakenly believe that there is no ransomware for it and consequently forgo security measures – a fallacy, as is currently being demonstrated once again.