Global VMware ESXi ransomware attacks not linked to nation-state attackers

Reuters reports that cybercriminals and not nation-state actors are believed by Italy's National Cybersecurity Agency to likely be behind the widespread ransomware attacks that targeted thousands of VMware ESXi servers worldwide. "No evidence has emerged pointing to aggression by a state or hostile state-like entity," said the Italian agency, which added that the attack has not compromised any entity in its critical national security sectors. While VMware has patched the security flaw exploited in the attacks two years ago, thousands of VMware ESXi instances continued to be vulnerable, with France, the U.S., and Germany accounting for most of the exposed servers. "It's somewhat effective but has had a mixed impact. A number of organizations have recovered their virtual machines without having to restore from a backup. It appears to be targeting victims mainly in Western countries, but does not look highly sophisticated," said U.K.-based cybersecurity expert Daniel Card.