A major ransomware attack Sunday kicked the majority of Italians off of the internet before administrators were able to restore service.

Italy’s National Cybersecurity Agency, ACN, said the attackers targeted a known vulnerability in VMware’s ESXi servers. VMware encouraged customers to install patches.

If it feels like you’ve heard this story before, that’s because you probably have. In fact, you’re forgiven for thinking this feels like Groundhog Day.

That’s because the vulnerability was first detected almost two years ago, and the Canadian Centre for Cyber Security issued its first security advisory – known as AV21-093 – on February 24, 2021. The Canadian cybersecurity agency issued a second advisory, AV22-689, on December 9, 2022. 

We already know the COVID-19 pandemic has rewritten the rules around where work gets done, and how; but there is a frightening cybersecurity angle to COVID-19 that most organizations fail to recognize.

Various reputable sources, including the United States Federal Bureau of Investigation, the Canadian Crypto Module Validation Program and Microsoft, have reported a significant increase in the number of ransomware attacks since the onset of the COVID-19 pandemic. How prepared is your organization to defend against such an attack? There are best practices that, if implemented, could prevent an attack from being successful or at least mitigate the effects thereof. Additionally, there are recommended actions to take if your systems or data are affected. Risks associated with giving in to the attacker's ransom demands should also be considered before any payment is made.

How the attacks work

Malicious software is used to deny access to data or systems until or unless the attacker's ransom demands are met. Methods for delivering the malware payload vary, with the three of the most common being phishing emails, exploitation of application vulnerabilities, and delivery via remote desktop protocol (RDP). The use of phishing emails as an attack vector is currently on the rise.