OVHcloud Targeted by Lockbit3 Ransomware Group

Company Profile

Euromip, a client of OVHcloud, operates within the Media & Internet sector, focusing on website creation and offering a range of hosting solutions such as web hosting, VPS, and dedicated servers. Despite the lack of detailed public information regarding its size or industry standing, the sector's involvement with sensitive data makes it a prime target for ransomware attacks.

Vulnerabilities and Mitigation

Ransomware attacks often leverage weaknesses in software, such as outdated or unpatched systems and insufficient security protocols. The breach at Euromip may have been precipitated by an exploit in OpenSLP, facilitating unauthorized access through which ransomware was deployed, potentially exploiting the CVE-2021-21974 bug in VMware ESXi hypervisors.

In response, OVHcloud has implemented disaster recovery solutions, including those powered by Zerto, and stressed the importance of robust data protection and disaster recovery strategies. Despite these efforts, the incident with Euromip serves as a critical reminder of the necessity for ongoing vigilance and the adoption of proactive security measures.

The Lockbit3 ransomware group's attack on Euromip serves as a stark reminder of the persistent ransomware threat facing the Media & Internet sector. Despite OVHcloud's defensive measures, this event highlights the critical need for businesses to adhere to the latest security patches and best practices to diminish the likelihood of successful cyber attacks.

Sources

• OVHcloud Blog: Ransomware targeting VMware ESXi
• The Hacker News: New Wave of Ransomware Attacks Exploiting VMware Bug to Target OVHcloud