A new global ransomware campaign has hit at least 3,800 victims, including hundreds in the US, according to crowdsourced data reviewed by CNN, prompting warnings from European and US cybersecurity officials.
Only four of those victims, however, have paid ransoms so far, according to “Ransomwhere,” a platform built by cybersecurity researchers to track ransomware attacks. And the extent to which the ransomware – which encrypts computers and demands a payoff – has disrupted operations at the victim organizations, if at all, is unclear.
The attackers are exploiting a 2-year-old vulnerability in widely used software made by California-based cloud computing giant VMWare.
The tally of 3,800 victims from Ransomwhere covers IP addresses, the unique numbers that identify computers online. The tally of affected organizations could be lower than 3,800 if multiple IP addresses correspond to the same organization.
Reuters first reported on the data from Ransomwhere.
Despite arrests and seizures of hacking infrastructure, ransomware remains one of the top digital threats to the operation of critical infrastructure like hospitals and factories. And the problem is compounded by bad security practices.
The latest outbreak has been so widespread because the victim organizations have left the vulnerable software exposed directly to the public internet, making it easier for the cybercriminals to break in.
French and Italian government agencies warned about the attacks late last week and over the weekend, and now US cybersecurity officials say they are on call to help US victims.
The federal US Cybersecurity and Infrastructure Security Agency “is working with our public and private sector partners to assess the impacts of these reported incidents and providing assistance where needed,” a CISA spokesperson told CNN.