Over 2,000 Computers Infected in 24 Hours Exploiting a Two-year-old MVware Vulnerability

In early February, Mware ESXI servers around the world suffered an extensive targeted ransomware attack, exploiting a known vulnerability which was patched back in February 2021 (CVE-2021-21974).

European Authorities, including French Computer Emergency Response Team and Italyโ€™s national cybersecurity authority (ACN), officially warned organizations worldwide against the massive attack on ESXi servers, that has soon become one of the most extensive ransomware cyberattack ever reported on non-Windows machines.

The breach represents just the latest example of hackers leveraging old vulnerabilities in widely used software: despite being conducted on a relatively small scale, the attack highlights in fact the catastrophic consequences that can result from such a breach, particularly since a significant number of software users were alerted years in advance but failed to take precautions.