As January drew to a close, several ransomware attacks hit a number of companies across the globe, events that underscored the need for even greater vigilance and stronger cybersecurity measures among corporate entities, government offices, and even individual users.
The ION Group, a leading financial data company based in Ireland, was among those hit by the Russian ransomware group LockBit in a widespread ransomware attack that began on January 31st. The attack affected numerous brokers within the group, but ION’s trading platform Fidessa appeared to have been spared. The company paid the hackers to rescind the attack.
ION issued a statement saying that the attacks were limited to a specific platform and that all servers had been disconnected; likewise, the company began remediating services almost as soon as the attack was discovered. Nevertheless, the attack disrupted trading and clearing activities for the company. The impact was bad enough that regular cleared derivatives platform services did not resume until Tuesday, February 7th.
Other companies affected by ransomware attacks were ABN AMRO Clearing and the Italian bank Intesa Sanpaolo. In both cases, digital systems were completely compromised, forcing brokers to use manually filled spreadsheets to enter their trades.
Not Even VMware Was Spared
But trading platforms weren’t the only ransomware victims as February rolled in. VMware’s ESXi, a type-1 hypervisor used to deploy and serve virtual computers, was hit by a ransomware attack on February 3rd, impacting nearly 2,400 VMware ESXi servers.
To date, VMware states that it has not found any previously unseen vulnerabilities in its systems that could have been used to propagate the ransomware used in the attack. However, France’s national government security response team CERT-FR discovered that the hackers were using exploit code that has been around since May 2021 against a bug in products that have not been updated, as well as in those that have reached their end of general support.
Customers were then advised to upgrade their vSphere components to the latest release in order to address the threat, as well as any vulnerabilities. Users were also asked to disable ESXi’s OpenSLP service.
The Overall Impact of Ransomware
According to Verizon’s 2022 Data Breach Investigations Report (DBIR), the number of ransomware incidents went up by 13% over the past year, an increase much higher than that of the collective total of the previous five years.
Regulated industries like manufacturing and finance are among those specifically targeted by ransomware threats that usually involve the payment of a certain sum to restore systems. As a result, online security experts recommend that companies guard against such exploitative threats by improving overall security hygiene within their organizations, regularly testing their backup systems, using multifactor authentication methods, and updating any plans for incident response.