
Ransomware scrambles servers in Florida, Europe

07.02.2023

A worldwide ransomware outbreak has scrambled servers owned by Florida's Supreme Court and several universities in the U.S. and Central Europe, according to a Reuters analysis of ransom notes posted online to stricken servers.

There are more than 3,800 victims of a fast-spreading digital extortion campaign that locked up thousands of servers in Europe over the weekend, according to figures tallied by Ransomwhere, a crowdsourced platform that tracks digital extortion attempts and online ransom payments, and whose figures are drawn from internet scans.

Ransomware is one of the most potent scourges on the internet. Although this particular extortion campaign was not sophisticated, it drew warnings from national cyber watchdogs in part because of the speed of its spread.

Ransomwhere didn't name individual victims, but Reuters was able to identify some by looking up internet protocol address data tied to the affected servers using widely used internet scanning tools such as Shodan.

The extent of the disruption to the affected organizations was not clear. The Florida Supreme Court didn't respond to messages. Neither did the 12 universities contacted by Reuters, which included the Georgia Institute of Technology in the United States, Rice University in Houston, as well as institutions of higher learning in Hungary and Slovakia.

The hackers were contacted via an account advertised on their ransom notes, but only a payment demand was received in return. They didn't respond immediately to additional questions.

Ransomwhere said the cybercriminals appear to have extorted only $88,000, a modest haul by the standard of the multi-million dollar ransoms that are often demanded by some hacking gangs. One cybersecurity expert said that the outbreak - which is thought to have exploited a two-year-old vulnerability in VMware Inc. software - was typical of automated attacks on servers and databases that have been carried out by hackers for years.

In response, VMware has urged customers to upgrade to the latest versions of its software.

Patrice Auffret, founder of French internet scanning company Onyphe, said this is nothing unusual. The scale is the difference. The highly visible nature of the outbreak, which began earlier this month, is also unusual. Because internet-facing servers were affected, researchers and tracking services like Ransomwhere or Onyphe could easily follow the criminals' trail.

Digital safety officials in Italy said Monday that there was no evidence that a state or hostile state-like entity was behind the attack. Samuli Könönen, an information security specialist at the Finnish National Cyber Security Centre, told Reuters that the attack was likely carried out by a criminal gang, even though many victims managed to salvage their data without paying a ransom.

He said that more experienced ransomware groups don't usually make that kind of mistake.