A global wave of cyber attacks has also paralyzed German companies and institutions. According to the responsible federal office, hundreds of companies could be affected. A software update could close the security gap.
Companies and public institutions in Germany were also damaged in a large-scale global wave of cyber attacks using blackmail software. “According to the current state of knowledge, there seems to be a mid-three-digit number of people affected in Germany,” said the Federal Office for Information Security (BSI) in Bonn when asked by the dpa news agency. More concrete statements about the extent of the damage are not yet possible.
The Italian cyber security authority ACN had already warned of the wave of attacks on Sunday. The cyber attack paralyzed the websites of several organizations and institutions there. ACN urged companies to take steps to protect their systems.
Malware exploited vulnerability
According to the BSI, the regional focus of the attacks was on France, the USA, Germany and Canada. Other countries are also affected. In so-called ransomware attacks, the attackers penetrate the systems, take control and lock the victims out. The data is usually encrypted and only made accessible again after paying a ransom.
The cyber attacks are aimed at users of a special virtualization solution from the manufacturer VMWare, so-called ESXi servers, which divide a physical server into several virtual machines.
According to the BSI, the vulnerability in the VMWare software was closed in February 2021 by updating the program. At that time, the authority also warned against exploiting vulnerabilities in the corresponding product.
Those affected should consider protective measures
Rüdiger Trost, Head of Cyber Security Solutions at the IT security company WithSecure, told the dpa that around 84,000 servers with the affected software were installed worldwide, and around 7,000 in Germany. However, it was not possible to say which of these were still vulnerable.
The expert pointed out that the security gap had been discovered and closed some time ago. “Anyone who is still a victim should check their protective measures.” A special feature is that in the current case the attack is not directed against Windows software, but against a solution that runs on the Linux operating system. “Many people mistakenly think that Linux ransomware does not exist and do not take appropriate protective measures,” said Trost.